kasy-cli 1.20.0 → 1.21.0-beta.0

package/README.md

@@ -4,14 +4,22 @@ CLI for scaffolding production-ready Flutter SaaS apps.
 
 ## Install
 
+**macOS & Linux**
+
 ```bash
-npm install -g kasy-cli
+curl -fsSL https://kasy.dev/install | bash
+```
+
+**Windows (PowerShell)**
+
+```powershell
+irm https://kasy.dev/install.ps1 | iex
 ```
 
-Or run without installing:
+Or via npm:
 
 ```bash
-npx kasy-cli new
+npm install -g kasy-cli
 ```
 
 ## Quick start

package/lib/commands/docs.js

@@ -1,5 +1,4 @@
 const path = require('node:path');
-const { exec } = require('node:child_process');
 const fs = require('fs-extra');
 const kleur = require('kleur');
 const ui = require('../utils/ui');
@@ -8,15 +7,6 @@ const { createTranslator, detectDefaultLanguage } = require('../utils/i18n');
 
 const DOCS_FILE = path.join(__dirname, '..', '..', 'docs', 'cli-reference.md');
 
-function openInBrowser(url) {
-  const cmd = process.platform === 'darwin'
-    ? `open "${url}"`
-    : process.platform === 'win32'
-      ? `start "" "${url}"`
-      : `xdg-open "${url}"`;
-  exec(cmd);
-}
-
 async function runDocs(options = {}) {
   const t = createTranslator(options.language || detectDefaultLanguage());
 

package/lib/commands/ios.js

@@ -6,6 +6,7 @@ const kleur = require('kleur');
 const ui = require('../utils/ui');
 const { printCompactHeader } = require('../utils/brand');
 const { createTranslator, detectDefaultLanguage } = require('../utils/i18n');
+const { homeDir } = require('../utils/env-tools');
 const {
   isKasyFlutterProject,
   readBundleId,
@@ -73,7 +74,7 @@ async function runConfigure(directory, options = {}) {
     message: t('ios.configure.q.p8Path'),
     validate: async (v) => {
       if (!v || !v.trim()) return t('ios.configure.q.required');
-      const resolved = path.resolve(v.trim().replace(/^~/, process.env.HOME || ''));
+      const resolved = path.resolve(v.trim().replace(/^~/, homeDir()));
       if (!(await fs.pathExists(resolved))) return t('ios.configure.q.p8NotFound');
       return undefined;
     },
@@ -87,7 +88,7 @@ async function runConfigure(directory, options = {}) {
 
   const apiKey = apiKeyRaw.trim();
   const issuerId = issuerIdRaw.trim();
-  const p8Source = path.resolve(p8PathRaw.trim().replace(/^~/, process.env.HOME || ''));
+  const p8Source = path.resolve(p8PathRaw.trim().replace(/^~/, homeDir()));
 
   const destPath = await installPrivateKey(p8Source, apiKey);
   await writeAppleEnv(projectDir, {

package/lib/commands/new.js

@@ -19,16 +19,8 @@ function generateWebhookKey() {
   return 'rc_wh_' + crypto.randomBytes(16).toString('hex');
 }
 
-function openUrl(url) {
-  try {
-    const { exec } = require('node:child_process');
-    const cmd = process.platform === 'darwin' ? `open "${url}"`
-      : process.platform === 'win32' ? `start "" "${url}"`
-      : `xdg-open "${url}"`;
-    exec(cmd, { shell: true });
-  } catch (_) {}
-}
 const ui = require('../utils/ui');
+const { openUrl, promptOpenBrowser } = require('../utils/browser');
 const { printBanner, successBox, paintLime } = require('../utils/brand');
 const fs = require('fs-extra');
 const { createTranslator } = require('../utils/i18n');
@@ -50,7 +42,7 @@ const { generateFirebaseProject } = require('../scaffold/backends/firebase/gener
 const { generateSupabaseProject } = require('../scaffold/backends/supabase/generator');
 const { generateApiProject } = require('../scaffold/backends/api/generator');
 const { createProjectAndGetKeys, setupLinkedProject, checkLoggedIn, getOrgsList, getProjectsByOrg, getProjectKeys } = require('../scaffold/backends/supabase/deploy');
-const { writeSupabaseGoogleAuthOptions, readSupabaseGoogleCredentials, getGoogleClientSecretViaGcloud, flutterfireConfigure, writeGoogleAuthOptions, writeGoogleIosUrlScheme } = require('../scaffold/shared/post-build');
+const { writeSupabaseGoogleAuthOptions, readSupabaseGoogleCredentials, getGoogleClientSecretViaGcloud, flutterfireConfigure, writeGoogleAuthOptions, writeGoogleIosUrlScheme, writeGoogleIosUrlSchemeFromClientId } = require('../scaffold/shared/post-build');
 const { toPackageName } = require('../scaffold/backends/firebase/tokens');
 const { setupFromScratch, setupExistingProject, listBillingAccounts, listGcpOrganizations, checkGcloudAuth, getGcloudInstallInstructions, enableAuthProviders, registerDebugSha1 } = require('../scaffold/backends/firebase/setup-from-scratch');
 const { enableAuthViaFirebaseCli } = require('../scaffold/backends/firebase/enable-auth-via-cli');
@@ -212,7 +204,7 @@ const STEP_LABELS = {
   'supabase db push':  { en: 'Database migrated',    pt: 'Banco migrado',        es: 'Base de datos migrada' },
   'anonymous sign-in': { en: 'Anonymous sign-in enabled', pt: 'Login anonimo ativado', es: 'Inicio de sesion anonimo activado' },
   'google sign-in': { en: 'Google Sign-In enabled', pt: 'Google Sign-In ativado', es: 'Google Sign-In activado' },
-  'apple sign-in': { en: 'Apple Sign-In ready (configure credentials before testing — kasy.dev/docs/apple)', pt: 'Apple Sign-In preparado (configure as credenciais antes de testar — kasy.dev/docs/apple)', es: 'Apple Sign-In listo (configura las credenciales antes de probar — kasy.dev/docs/apple)' },
+  'apple sign-in': { en: 'Apple Sign-In enabled (native iOS ready; for web add a Service ID at kasy.dev/docs/apple)', pt: 'Apple Sign-In ativado (iOS nativo pronto; para web adicione um Service ID em kasy.dev/docs/apple)', es: 'Apple Sign-In activado (iOS nativo listo; para web añade un Service ID en kasy.dev/docs/apple)' },
   'google-auth-options': { en: 'Google client IDs written', pt: 'Client IDs do Google gravados', es: 'Client IDs de Google escritos' },
   'ios-url-scheme': { en: 'iOS URL scheme registered', pt: 'URL scheme iOS registrado', es: 'URL scheme iOS registrado' },
   'google-ios-url-scheme': { en: 'iOS Google URL scheme registered', pt: 'URL scheme Google iOS registrado', es: 'URL scheme Google iOS registrado' },
@@ -220,7 +212,7 @@ const STEP_LABELS = {
   'secret REVENUECAT_WEBHOOK_KEY': { en: 'RevenueCat webhook secret', pt: 'Secret webhook RevenueCat', es: 'Secret webhook RevenueCat' },
   'secret META_ACCESS_TOKEN': { en: 'Meta Access Token', pt: 'Meta Access Token', es: 'Meta Access Token' },
   'secret META_DATASET_ID': { en: 'Meta Dataset ID', pt: 'Meta Dataset ID', es: 'Meta Dataset ID' },
-  'fcm-key': { en: 'FCM Service Account key generated', pt: 'Chave FCM gerada automaticamente', es: 'Clave FCM generada automáticamente' },
+  'fcm-key': { en: 'FCM Service Account key', pt: 'Chave de Service Account FCM', es: 'Clave de Service Account FCM' },
   'fcm-key-saved': { en: 'FCM key saved to .kasy/', pt: 'Chave FCM salva em .kasy/', es: 'Clave FCM guardada en .kasy/' },
   'secret FIREBASE_SERVICE_ACCOUNT_JSON': { en: 'FCM Service Account configured', pt: 'Service Account FCM configurado', es: 'Service Account FCM configurado' },
   'gcp-project': { en: 'GCP project created', pt: 'Projeto GCP criado', es: 'Proyecto GCP creado' },
@@ -233,6 +225,7 @@ const STEP_LABELS = {
   'sha1': { en: 'SHA-1 added for Google Sign-In', pt: 'SHA-1 adicionado para Google Sign-In', es: 'SHA-1 añadido para Google Sign-In' },
   'service-account': { en: 'Service account key created', pt: 'Chave de conta de servico criada', es: 'Clave de cuenta de servicio creada' },
   'firestore': { en: 'Firestore database created', pt: 'Banco Firestore criado', es: 'Base de datos Firestore creada' },
+  'firestore-rules': { en: 'Firestore security rules deployed', pt: 'Regras de seguranca Firestore publicadas', es: 'Reglas de seguridad Firestore desplegadas' },
   'storage': { en: 'Firebase Storage bucket created', pt: 'Bucket Firebase Storage criado', es: 'Bucket Firebase Storage creado' },
   'storage-cors': { en: 'CORS enabled on Storage (web images)', pt: 'CORS ativado no Storage (imagens na web)', es: 'CORS activado en Storage (imágenes en web)' },
 };
@@ -255,6 +248,7 @@ const STEP_PROGRESS = {
   'sha1':          { en: 'Adding SHA-1 for Google Sign-In…',        pt: 'Adicionando SHA-1 para Google Sign-In…', es: 'Añadiendo SHA-1 para Google Sign-In…' },
   'service-account': { en: 'Creating service account key…',         pt: 'Criando chave de conta de servico…',      es: 'Creando clave de cuenta de servicio…' },
   'firestore':     { en: 'Creating Firestore database…',            pt: 'Criando banco Firestore…',                es: 'Creando base de datos Firestore…' },
+  'firestore-rules': { en: 'Deploying Firestore security rules…',  pt: 'Publicando regras de seguranca Firestore…', es: 'Desplegando reglas de seguridad Firestore…' },
   'storage':       { en: 'Creating Firebase Storage bucket…',       pt: 'Criando bucket Firebase Storage…',        es: 'Creando bucket Firebase Storage…' },
   'storage-cors':  { en: 'Enabling CORS on Storage…',                pt: 'Ativando CORS no Storage…',               es: 'Activando CORS en Storage…' },
   'deploy-retry-wait':   { en: 'Waiting 4 min for GCP permissions to propagate… (do not close terminal)', pt: 'Aguardando 4 min para permissões do GCP propagarem… (não feche o terminal)', es: 'Esperando 4 min para propagar permisos de GCP… (no cierres la terminal)' },
@@ -592,8 +586,7 @@ async function runNew(directory, { language: langHint = null, backend: backendHi
       if (billing.ok && billing.accounts?.length > 0) return true;
       const billingUrl = 'https://console.cloud.google.com/billing/create';
       ui.log.warn(tr('new.firebase.billing.required'));
-      ui.note(`${tr('new.firebase.billing.create.steps')}\n${kleur.cyan(billingUrl)}`);
-      openUrl(billingUrl);
+      await promptOpenBrowser({ url: billingUrl, label: tr('new.firebase.billing.create.steps'), t: tr });
       const ready = await ui.confirm({
         message: tr('new.firebase.billing.created.ready'),
         initialValue: true,
@@ -813,11 +806,22 @@ async function runNew(directory, { language: langHint = null, backend: backendHi
           process.exit(0);
         }
       };
-      const showBeforeContinue = (step1Key, authUrl) => {
-        ui.note(
-          `${tr(step1Key)}\n${kleur.cyan(authUrl)}`,
-          tr('new.firebase.create.beforeContinue.title')
-        );
+      const showBeforeContinue = async (step1Key, authUrl) => {
+        // Quick mode keeps prompts to a minimum: show the link and open it
+        // automatically. Step-by-step mode uses the Enter-to-open pattern.
+        if (isQuick) {
+          ui.note(
+            `${tr(step1Key)}\n${kleur.cyan(authUrl)}`,
+            tr('new.firebase.create.beforeContinue.title')
+          );
+          openUrl(authUrl);
+          return;
+        }
+        await promptOpenBrowser({
+          url: authUrl,
+          label: `${tr('new.firebase.create.beforeContinue.title')}\n${tr(step1Key)}`,
+          t: tr,
+        });
       };
       if (setupResult.ok) {
         ps1.succeed(tr('new.firebase.create.success'));
@@ -829,8 +833,7 @@ async function runNew(directory, { language: langHint = null, backend: backendHi
         // retry will activate it once the OAuth Web Client exists. We only warn
         // here when Email/Anonymous themselves failed (which is the rare path).
         if (!setupResult.authEnabled) {
-          showBeforeContinue('new.firebase.create.beforeContinue.step1.noAuth', authUrl);
-          openUrl(authUrl);
+          await showBeforeContinue('new.firebase.create.beforeContinue.step1.noAuth', authUrl);
           if (!isQuick) {
             await askReady('new.firebase.create.beforeContinue.ready.noAuth');
           }
@@ -886,8 +889,7 @@ async function runNew(directory, { language: langHint = null, backend: backendHi
             printCreateFromScratchStatus(lastResult, tr);
             const authUrl = `https://console.firebase.google.com/project/${core.firebaseProjectId}/authentication/providers`;
             if (!lastResult.authEnabled) {
-              showBeforeContinue('new.firebase.create.beforeContinue.step1.noAuth', authUrl);
-              openUrl(authUrl);
+              await showBeforeContinue('new.firebase.create.beforeContinue.step1.noAuth', authUrl);
               if (!isQuick) {
                 await askReady('new.firebase.create.beforeContinue.ready.noAuth');
               }
@@ -1215,16 +1217,23 @@ async function runNew(directory, { language: langHint = null, backend: backendHi
     // --with flag was passed: use those modules directly, skip preset prompt.
     modules = preselectedModules;
   } else if (isQuick) {
-    // Quick mode: ship all features by default. Facebook is excluded because
-    // it requires App ID + token that we can't auto-generate — the user adds
-    // it later with `kasy add facebook` when they have the credentials.
-    modules = (MODULE_PRESETS.full || []).filter((m) => m !== 'facebook');
+    // Quick mode: ship all features the backend supports. Facebook is excluded
+    // because it requires App ID + token that we can't auto-generate — the user
+    // adds it later with `kasy add facebook` when they have the credentials.
+    // Filter by availableIn so backend-specific features (e.g. feedback needs a
+    // DB) don't leak into a backend that can't support them.
+    const quickAvailable = new Set(
+      getVisibleFeatures({ audience: KASY_AUDIENCE, backend }).map((f) => f.id)
+    );
+    modules = (MODULE_PRESETS.full || []).filter((m) => m !== 'facebook' && quickAvailable.has(m));
   } else {
     section('new.advanced.section.features');
     // Advanced mode: full multiselect — built from catalog, filtered by audience + backend.
     const visibleFeatures = getVisibleFeatures({ audience: KASY_AUDIENCE, backend });
 
-    // web has an extra runtime constraint: firebase create-mode only
+    // In Firebase create-mode the web app is already decided by the
+    // `firebaseIncludeWeb` prompt above, so hide `web` from the multiselect there
+    // to avoid asking twice. Supabase, API and Firebase existing-mode show it.
     const isWebExcluded = backend === 'firebase' && firebaseSetupMode === 'create';
 
     // Visual groups in display order (header key → feature ids in this group)
@@ -1479,7 +1488,9 @@ async function runNew(directory, { language: langHint = null, backend: backendHi
     firebaseProjectId: core.firebaseProjectId.trim(),
     modules: modules || [],
     backend,
-    includeWeb: backend === 'firebase' ? firebaseIncludeWeb : true,
+    // Web platform follows the `web` feature so the flutterfire web app and the
+    // web/ folder stay in sync across all backends (Firebase, Supabase, API).
+    includeWeb: modules.includes('web'),
     supabaseUrl: core.supabaseUrl?.trim(),
     supabaseAnonKey: core.supabaseAnonKey?.trim(),
     apiBaseUrl: core.apiBaseUrl?.trim(),
@@ -1587,38 +1598,66 @@ async function runNew(directory, { language: langHint = null, backend: backendHi
     : (supabaseExistingResult?.ok ? { projectRef: supabaseExistingResult.projectRef, dbPassword: supabaseExistingResult.dbPassword } : null);
 
   if (backend === 'supabase') {
-    // ── Auto-resolve Google credentials from flutterfire output files ────────
+    // ── Google Sign-In: create a real Google OAuth client, then push it to Supabase ──
     const flutterfireOk = result.steps.find((s) => s.name === 'flutterfire')?.ok;
-    if (flutterfireOk) {
+    if (flutterfireOk && answers.firebaseProjectId) {
+      // Supabase Google Sign-In needs a genuine OAuth Web Client (id + secret).
+      // The only reliable way to create it is the Firebase CLI auth deploy, the
+      // same path the Firebase backend uses. The REST API cannot create the OAuth
+      // client, which is why Google used to come out disabled on Supabase projects.
+      const googleSpinner = ui.spinner();
+      googleSpinner.start(tr('new.google.enabling'));
+      const cliResult = await enableAuthViaFirebaseCli({
+        projectDir: targetDir,
+        projectId: answers.firebaseProjectId,
+        appName: answers.appName,
+      });
+      googleSpinner.stop(tr('new.google.enabling'));
+
+      if (cliResult.ok) {
+        // The deploy created the OAuth Web Client + iOS client. Re-run flutterfire so
+        // google-services.json and GoogleService-Info.plist pick up the new Client IDs.
+        const rerunSpinner = ui.spinner();
+        rerunSpinner.start(tr('new.google.refreshConfigs'));
+        await flutterfireConfigure(targetDir, answers.firebaseProjectId, {
+          includeWeb: answers.includeWeb !== false,
+        });
+        rerunSpinner.stop(tr('new.google.refreshConfigs'));
+      } else if (cliResult.error === 'support_email_required') {
+        ui.log.warn(tr('new.google.manualHint.noEmail'));
+      }
+
+      // Read the Web + iOS Client IDs from the refreshed config files.
       const fileCreds = await readSupabaseGoogleCredentials(targetDir);
       googleWebClientId = fileCreds.webClientId;
       googleIosClientId = fileCreds.iosClientId;
 
-      // Enable Google Sign-In in Firebase Auth so Identity Toolkit stores the client secret.
-      // This is the same step that setupFromScratch runs for Firebase backend.
-      // For Supabase, Firebase Auth is not used for auth, but enabling Google here is the
-      // only way to make the client secret available via the Identity Toolkit API.
-      // Non-fatal: silently ignored if it fails (e.g. API not yet propagated).
-      if (answers.firebaseProjectId) {
-        const authResult = await enableAuthProviders(answers.firebaseProjectId);
-        if (authResult.ok && !authResult.googleSignInSkipped) {
-          printStepResult({ name: 'google sign-in', ok: true }, language);
-        }
-        if (authResult.appleEnabled) {
-          printStepResult({ name: 'apple sign-in', ok: true }, language);
+      // Read the OAuth Client Secret from the Identity Toolkit now that the client
+      // exists. It can lag a moment behind the deploy, so retry briefly.
+      if (googleWebClientId) {
+        for (let attempt = 1; attempt <= 3 && !googleClientSecret; attempt++) {
+          googleClientSecret = await getGoogleClientSecretViaGcloud(answers.firebaseProjectId);
+          if (!googleClientSecret && attempt < 3) {
+            await new Promise((resolve) => setTimeout(resolve, 2000));
+          }
         }
       }
 
-      // Try to get the Client Secret from Identity Toolkit API (requires gcloud auth)
-      if (answers.firebaseProjectId && googleWebClientId) {
-        googleClientSecret = await getGoogleClientSecretViaGcloud(answers.firebaseProjectId);
-      }
-
-      // Always write google_auth_options.dart with whatever credentials we have
+      // Persist the Client IDs into the app and register the iOS URL scheme.
       if (googleWebClientId) {
         const gaResult = await writeSupabaseGoogleAuthOptions(targetDir, googleWebClientId, googleIosClientId);
         printStepResult({ name: 'google-auth-options', ok: gaResult.ok, detail: gaResult.error }, language);
       }
+      if (googleIosClientId) {
+        const iosResult = await writeGoogleIosUrlSchemeFromClientId(targetDir, googleIosClientId);
+        printStepResult({ name: 'google-ios-url-scheme', ok: iosResult.ok, detail: iosResult.error }, language);
+      }
+
+      // Google is only enabled on Supabase when we have both the Web Client ID and
+      // its secret. If either is missing, point the user to the dashboard to finish.
+      if (!googleWebClientId || !googleClientSecret) {
+        ui.log.warn(tr('new.google.supabaseManual'));
+      }
     }
 
     if (supabaseSetupPayload) {
@@ -1631,9 +1670,9 @@ async function runNew(directory, { language: langHint = null, backend: backendHi
         fcmSpinner.stop(tr('new.fcm.generating'));
         if (fcmResult.ok) {
           fcmServiceAccountJson = fcmResult.json;
-          printStepResult({ name: 'fcm-key', ok: true }, language);
+          printStepResult({ name: 'fcm-key', ok: true, detail: tr('new.fcm.ok') }, language);
         } else {
-          printStepResult({ name: 'fcm-key', ok: false, detail: 'configure FIREBASE_SERVICE_ACCOUNT_JSON manualmente' }, language);
+          printStepResult({ name: 'fcm-key', ok: false, detail: tr('new.fcm.failSupabase') }, language);
         }
       }
 
@@ -1657,12 +1696,14 @@ async function runNew(directory, { language: langHint = null, backend: backendHi
         const google = googleWebClientId && googleClientSecret
           ? { webClientId: googleWebClientId, clientSecret: googleClientSecret }
           : {};
+        const apple = answers.bundleId ? { bundleId: answers.bundleId } : {};
         const setupSteps = await setupLinkedProject(
           targetDir,
           supabaseSetupPayload.projectRef,
           supabaseSetupPayload.dbPassword,
           secrets,
-          google
+          google,
+          apple
         );
         setupSpinner.stop(tr('new.supabase.setup'));
         setupSteps.forEach((s) => printStepResult(s, language));
@@ -1724,7 +1765,7 @@ async function runNew(directory, { language: langHint = null, backend: backendHi
         printStepResult({ name: 'fcm-key-saved', ok: false, detail: 'salvar arquivo de chave falhou' }, language);
       }
     } else {
-      printStepResult({ name: 'fcm-key', ok: false, detail: 'configure FIREBASE_SERVICE_ACCOUNT_JSON manualmente' }, language);
+      printStepResult({ name: 'fcm-key', ok: false, detail: tr('new.fcm.failApi') }, language);
     }
   }
 
@@ -1750,7 +1791,6 @@ async function runNew(directory, { language: langHint = null, backend: backendHi
         ui.log.warn(
           `${tr('new.sha1.failed', { error: (sha1Result.sha1Error || '').slice(0, 120) })}\n${tr('new.sha1.manual')}\n${kleur.cyan(sha1ManualUrl)}`
         );
-        openUrl(sha1ManualUrl);
       }
     }
   }
@@ -1765,12 +1805,12 @@ async function runNew(directory, { language: langHint = null, backend: backendHi
   }
 
   // ── Google + Apple Sign-In: use Firebase CLI for Google (creates OAuth client),
-  // then REST API for Apple as best-effort. ───────────────────────────────────
+  // then REST API for Apple as best-effort.
   // Firebase CLI's `deploy --only auth` is the only documented path that auto-
-  // creates the OAuth 2.0 Web Client without manual Console clicks — the same
+  // creates the OAuth 2.0 Web Client without manual Console clicks, the same
   // backend that the Console hits internally.
-  // (Supabase backend keeps the REST-only retry — its OAuth client is provisioned
-  // differently via the linked Firebase Web app.)
+  // (The Supabase backend runs the same CLI deploy earlier, in its own block, then
+  // pushes the resulting Google + Apple credentials to Supabase via the Mgmt API.)
   if (backend === 'firebase' && answers.firebaseProjectId && flutterfireStep?.ok) {
     const googleSpinner = ui.spinner();
     googleSpinner.start(tr('new.google.enabling'));

package/lib/commands/run.js

@@ -303,6 +303,13 @@ async function runRun(directory, options = {}) {
     // Firebase Auth persists sessions per-origin (IndexedDB) — a random port
     // each run means the user gets logged out every restart.
     deviceArgs.push('--web-port', options.webPort || '5555');
+    // Google Sign-In opens an auth popup that must talk back to the app window.
+    // The web server's default Cross-Origin-Opener-Policy can sever that link
+    // ("Cross-Origin-Opener-Policy policy would block the window.closed call"),
+    // so in a plain browser tab (kasy run --web, no dedicated Chrome) the popup
+    // can't report success and sign-in appears to fail. `same-origin-allow-popups`
+    // keeps the opener relationship intact while staying same-origin safe.
+    deviceArgs.push('--web-header', 'Cross-Origin-Opener-Policy=same-origin-allow-popups');
   }
 
   // Read dart-defines from .vscode/launch.json (skip if --no-defines)

package/lib/scaffold/CHANGELOG.json

@@ -1,4 +1,18 @@
 {
+  "1.21.0": {
+    "modules": {
+      "components": {
+        "pt": "KasySidebarPro com renderização mais leve: removidos cálculos de borda redundantes, deixando a sidebar mais simples e performática.",
+        "en": "Lighter KasySidebarPro rendering: removed redundant border-radius calculations, making the sidebar simpler and more performant.",
+        "es": "Renderizado más ligero de KasySidebarPro: se quitaron cálculos de borde redundantes, dejando la barra lateral más simple y eficiente."
+      },
+      "core": {
+        "pt": "KasyHover agora aceita hoverEnabled: permite desligar o realce ao passar o mouse em listas simples (como a tela de Configurações), mantendo o cursor de clique e o feedback de toque.",
+        "en": "KasyHover now accepts hoverEnabled: lets you turn off the hover highlight on plain list rows (like the Settings screen) while keeping the click cursor and press feedback.",
+        "es": "KasyHover ahora acepta hoverEnabled: permite desactivar el resaltado al pasar el cursor en listas simples (como la pantalla de Ajustes), manteniendo el cursor de clic y el feedback al pulsar."
+      }
+    }
+  },
   "1.18.0": {
     "modules": {
       "components": {

package/lib/scaffold/backends/api/patch/lib/core/data/api/meta_ads_api.dart

@@ -10,7 +10,7 @@ final metaAdsApiProvider = Provider<MetaAdsApi>(
 ///
 /// Your backend must expose:
 ///   POST /meta-track-event
-///   Authorization: Bearer <user-token>
+///   Authorization: Bearer `<user-token>`
 ///   Body: { "event_name": "CompleteRegistration", "custom_data": {} }
 ///
 /// The backend is responsible for calling the Meta Graph API server-to-server.

package/lib/scaffold/backends/api/patch/lib/core/data/api/storage_api.dart

@@ -34,7 +34,7 @@ abstract class StorageApi {
 ///
 /// Expected endpoints:
 ///   POST   /storage/upload  — multipart/form-data with fields: file, folder, public
-///   DELETE /storage/file    — JSON body: { "path": "<imagePath>" }
+///   DELETE /storage/file    — JSON body: `{ "path": "<imagePath>" }`
 ///
 /// Expected upload response JSON:
 ///   { "path": "folder/filename.jpg", "url": "https://..." }

package/lib/scaffold/backends/api/patch/lib/core/data/entities/user_entity.dart

@@ -29,7 +29,7 @@ class Credentials {
   final String id;
   // this is the user security token (example: JWT)
   // but your can use an Oauth2 token with a refresh token too
-  final String token;
+  final String? token;
 
   Credentials({
     required this.id,

package/lib/scaffold/backends/api/patch/lib/features/authentication/api/authentication_api.dart

@@ -101,7 +101,7 @@ class HttpAuthenticationApi implements AuthenticationApi {
   }
 
   @override
-  Future<Credentials> signinAnonymously() async {
+  Future<Credentials> signinAnonymously() {
     // REST API backends typically do not support anonymous accounts natively.
     // Option A – skip anonymous sign-in: remove anonymous auth from the
     //   onboarding flow and require full registration before using the app.
@@ -145,7 +145,7 @@ class HttpAuthenticationApi implements AuthenticationApi {
   }
 
   @override
-  Future<Credentials> signinWithGooglePlay() async {
+  Future<Credentials> signinWithGooglePlay() {
     // google_sign_in 7.x removed SignInOption.games.
     // For Play Games support, use the games_services package separately.
     return signinWithGoogle();
@@ -166,14 +166,13 @@ class HttpAuthenticationApi implements AuthenticationApi {
       rethrow;
     }
     throw UnimplementedError('''
-    ❌ You must edit lib/features/authentication/api/authentication_api.dart 
+    ❌ You must edit lib/features/authentication/api/authentication_api.dart
     to send the Oauth2 token result to your backend
+    Available token: ${credential.identityToken}
     ----------------
     Please follow the instructions here:
     https://pub.dev/packages/sign_in_with_apple
     ''');
-    
-    
   }
 
   @override

package/lib/scaffold/backends/api/patch/lib/features/feedbacks/api/feature_request_api.dart

@@ -11,7 +11,7 @@ final featureRequestApiProvider = Provider<FeatureRequestApi>(
 );
 
 /// REST endpoints expected:
-///   GET  /feature-requests              → List<FeatureRequestEntity> (only active)
+///   GET  /feature-requests              → `List<FeatureRequestEntity>` (only active)
 ///   POST /feature-requests              body: {title, description} → 201 Created
 ///     Server creates with active: false and stores title/description in all locales.
 class FeatureRequestApi {

package/lib/scaffold/backends/api/patch/lib/features/feedbacks/api/feature_vote_api.dart

@@ -11,7 +11,7 @@ final featureVoteApiProvider = Provider<FeatureVoteApi>(
 );
 
 /// REST endpoints expected:
-///   GET    /feature-votes          → List<UserFeatureVoteEntity> (filtered by authenticated user)
+///   GET    /feature-votes          → `List<UserFeatureVoteEntity>` (filtered by authenticated user)
 ///   POST   /feature-votes          → UserFeatureVoteEntity  body: {feature_id}
 ///   DELETE /feature-votes/:id      → 204 No Content
 class FeatureVoteApi {

package/lib/scaffold/backends/api/patch/lib/features/llm_chat/api/llm_chat_api.dart

@@ -9,7 +9,7 @@ final llmChatApiProvider = Provider<LlmChatApi>(
 );
 
 /// REST endpoints expected on your backend:
-///   GET    /llm-messages            → List<LlmChatMessageEntity> (current user)
+///   GET    /llm-messages            → `List<LlmChatMessageEntity>` (current user)
 ///   POST   /llm-messages            → saves one message
 ///   DELETE /llm-messages            → clears all messages (current user)
 ///