kasy-cli 1.21.9 → 1.23.0

package/lib/scaffold/backends/supabase/edge-functions/stripe-webhook/index.ts

@@ -0,0 +1,138 @@
+/**
+ * Supabase Edge Function: Stripe Webhook
+ *
+ * The ONLY writer of the `subscriptions` table for Stripe (web) subscriptions.
+ * Verifies the Stripe signature, then upserts the user's subscription with
+ * store='STRIPE'. The user id is read from the subscription metadata
+ * (supabaseUID), which the checkout function set server-side.
+ *
+ * Deployed WITHOUT JWT verification (Stripe calls it with a stripe-signature,
+ * not a Supabase JWT) — authenticity is enforced by the signature check.
+ *
+ * Secrets required (set via `supabase secrets set`):
+ *   - STRIPE_SECRET_KEY
+ *   - STRIPE_WEBHOOK_SECRET: whsec_... (from the Stripe webhook endpoint config)
+ *   - SUPABASE_URL / SUPABASE_SERVICE_ROLE_KEY (auto-provided)
+ */
+
+import Stripe from "npm:stripe@18";
+import { createClient } from "https://esm.sh/@supabase/supabase-js@2.47.10";
+
+const SubscriptionStatus = {
+  ACTIVE: "ACTIVE",
+  EXPIRED: "EXPIRED",
+} as const;
+
+function statusFromStripe(sub: Stripe.Subscription): string {
+  switch (sub.status) {
+    case "active":
+    case "trialing":
+      return SubscriptionStatus.ACTIVE;
+    default:
+      // canceled, unpaid, past_due, incomplete, incomplete_expired, paused
+      return SubscriptionStatus.EXPIRED;
+  }
+}
+
+// In Stripe API v18 the billing period lives on each subscription item; older
+// versions exposed it on the subscription. Read whichever is present.
+function periodEndMs(sub: Stripe.Subscription): number | null {
+  const item = sub.items?.data?.[0] as { current_period_end?: number } | undefined;
+  const fromItem = item?.current_period_end;
+  const fromSub = (sub as unknown as { current_period_end?: number }).current_period_end;
+  const sec = fromItem ?? fromSub;
+  return sec ? sec * 1000 : null;
+}
+
+Deno.serve(async (req: Request) => {
+  const signature = req.headers.get("stripe-signature");
+  if (!signature) return new Response("Missing signature", { status: 400 });
+
+  const secretKey = Deno.env.get("STRIPE_SECRET_KEY");
+  const webhookSecret = Deno.env.get("STRIPE_WEBHOOK_SECRET");
+  const supabaseUrl = Deno.env.get("SUPABASE_URL");
+  const serviceRoleKey = Deno.env.get("SUPABASE_SERVICE_ROLE_KEY");
+  if (!secretKey || !webhookSecret || !supabaseUrl || !serviceRoleKey) {
+    console.error("[stripe-webhook] missing secrets");
+    return new Response("Server configuration error", { status: 500 });
+  }
+
+  const stripe = new Stripe(secretKey);
+  const bodyText = await req.text();
+
+  let event: Stripe.Event;
+  try {
+    event = await stripe.webhooks.constructEventAsync(bodyText, signature, webhookSecret);
+  } catch (e) {
+    console.log(`[stripe-webhook] signature verification failed: ${e}`);
+    return new Response("Invalid signature", { status: 400 });
+  }
+
+  const handled = [
+    "customer.subscription.created",
+    "customer.subscription.updated",
+    "customer.subscription.deleted",
+  ];
+  if (!handled.includes(event.type)) {
+    return new Response("ok");
+  }
+
+  const sub = event.data.object as Stripe.Subscription;
+  const uid = sub.metadata?.supabaseUID;
+  if (!uid) {
+    console.log("[stripe-webhook] subscription without supabaseUID metadata, skipping");
+    return new Response("ok");
+  }
+
+  const supabase = createClient(supabaseUrl, serviceRoleKey);
+
+  try {
+    // The subscriptions row references public.users(id). Skip unknown users.
+    const { data: userRows } = await supabase
+      .from("users")
+      .select("id")
+      .eq("id", uid)
+      .limit(1);
+    if (!userRows?.length) {
+      console.log("[stripe-webhook] user not found:", uid);
+      return new Response("ok");
+    }
+
+    const item = sub.items?.data?.[0];
+    const priceId = item?.price?.id ?? "";
+    const ms = periodEndMs(sub);
+    const now = new Date().toISOString();
+    const payload = {
+      status: statusFromStripe(sub),
+      last_update_date: now,
+      period_end_date: ms ? new Date(ms).toISOString() : null,
+      sku_id: priceId,
+      offer_id: priceId,
+      store: "STRIPE",
+    };
+
+    const { data: existing } = await supabase
+      .from("subscriptions")
+      .select("user_id")
+      .eq("user_id", uid)
+      .maybeSingle();
+
+    if (existing) {
+      const { error: updateErr } = await supabase
+        .from("subscriptions")
+        .update(payload)
+        .eq("user_id", uid);
+      if (updateErr) console.error("[stripe-webhook] update error:", updateErr);
+    } else {
+      const { error: insertErr } = await supabase
+        .from("subscriptions")
+        .insert({ user_id: uid, creation_date: now, ...payload });
+      if (insertErr) console.error("[stripe-webhook] insert error:", insertErr);
+    }
+
+    return new Response("ok");
+  } catch (err) {
+    console.error("[stripe-webhook] error:", err);
+    return new Response(err instanceof Error ? err.message : "Internal error", { status: 500 });
+  }
+});

package/lib/scaffold/backends/supabase/generator.js

@@ -1,23 +1,23 @@
 /**
  * Supabase project generator.
  *
- * Wrapper fino sobre generateProject().
- * A lógica de geração comum (cópia, pub get, slang, build_runner, flutterfire)
- * vive em cli/lib/scaffold/generate.js.
+ * Thin wrapper over generateProject().
+ * The common generation logic (copy, pub get, slang, build_runner, flutterfire)
+ * lives in cli/lib/scaffold/generate.js.
  *
- * Hook específico (applyBackendSetup):
- *   1. Aplica supabase/patch/ sobre o template Firebase copiado
- *   2. Substitui pubspec.yaml pelo template Supabase (pubspec.yaml.tpl)
- *   3. Remove artefatos Firebase exclusivos (ex: GoogleService-Info.plist paths)
- *   4. Escreve overrides de environment (supabaseUrl, supabaseAnonKey)
- *   5. Copia config.toml, migrations e edge-functions do backend Supabase
+ * Specific hook (applyBackendSetup):
+ *   1. Applies supabase/patch/ over the copied Firebase template
+ *   2. Replaces pubspec.yaml with the Supabase template (pubspec.yaml.tpl)
+ *   3. Removes Firebase-only artifacts (e.g. GoogleService-Info.plist paths)
+ *   4. Writes environment overrides (supabaseUrl, supabaseAnonKey)
+ *   5. Copies config.toml, migrations and edge-functions for the Supabase backend
  */
 
 const path = require('node:path');
 const fs = require('fs-extra');
 const { applyPatch, copyWithTokens } = require('../../engine');
 const { generateProject } = require('../../generate');
-const { writeEnvironnementsOverrides } = require('../../shared/generator-utils');
+const { writeEnvironmentsOverrides } = require('../../shared/generator-utils');
 const { removeBackendSpecificArtifacts } = require('../../shared/backend-config');
 
 const SUPABASE_PATCH_DIR = path.join(__dirname, 'patch');
@@ -40,7 +40,7 @@ async function generateSupabaseProject(targetDir, options) {
       // 1. Patch Supabase (auth, storage, notifications, etc.)
       const { filesApplied } = await applyPatch(SUPABASE_PATCH_DIR, dir, tokens, pathReplacements);
 
-      // 1b. README do backend (excluído do applyPatch) — copiar manualmente
+      // 1b. Backend README (excluded from applyPatch) — copy it manually
       const language = opts.language ?? 'pt';
       const readmeLang = ['en', 'pt', 'es'].includes(language) ? language : 'en';
       const candidates = [
@@ -54,7 +54,7 @@ async function generateSupabaseProject(targetDir, options) {
         }
       }
 
-      // 2. Substituir pubspec.yaml pelos deps do Supabase
+      // 2. Replace pubspec.yaml with the Supabase deps
       const pubspecContent = await fs.readFile(SUPABASE_PUBSPEC, 'utf8');
       let pubspecReplaced = pubspecContent;
       for (const [from, to] of Object.entries(tokens)) {
@@ -62,20 +62,20 @@ async function generateSupabaseProject(targetDir, options) {
       }
       await fs.outputFile(path.join(dir, 'pubspec.yaml'), pubspecReplaced, 'utf8');
 
-      // 3. Remover artefatos exclusivos do Firebase
+      // 3. Remove Firebase-only artifacts
       await removeBackendSpecificArtifacts(dir, 'supabase', opts.modules ?? []);
 
-      // 4. Escrever overrides de environment com as credenciais Supabase
-      await writeEnvironnementsOverrides(dir, 'supabase', tokens, {
+      // 4. Write environment overrides with the Supabase credentials
+      await writeEnvironmentsOverrides(dir, 'supabase', tokens, {
         supabaseUrl: opts.supabaseUrl,
         supabaseAnonKey: opts.supabaseAnonKey,
       });
 
-      // 5. Copiar arquivos da infraestrutura Supabase
+      // 5. Copy the Supabase infrastructure files
       const supabaseDir = path.join(dir, 'supabase');
       await fs.ensureDir(supabaseDir);
 
-      // Tokens extras para substituição nas migrations SQL
+      // Extra tokens for substitution in the SQL migrations
       const supabaseTokens = {
         ...tokens,
         'supabaseplaceholder.supabase.co': (opts.supabaseUrl || '').replace(/^https?:\/\//, ''),

package/lib/scaffold/backends/supabase/migrations/20240101000009_ai_messages.sql

@@ -0,0 +1,50 @@
+-- AI chat history (one user has many conversations, each with many messages).
+
+-- Conversations. The last message is denormalized onto the row so the list can
+-- be rendered with a single query (no need to read each conversation's messages
+-- just to show a preview + timestamp).
+CREATE TABLE IF NOT EXISTS public.ai_conversations (
+  id                   UUID        PRIMARY KEY DEFAULT gen_random_uuid(),
+  user_id              UUID        NOT NULL REFERENCES public.users(id) ON DELETE CASCADE,
+  last_message_role    TEXT        CHECK (last_message_role IN ('user', 'assistant')),
+  last_message_content TEXT,
+  created_at           TIMESTAMPTZ NOT NULL DEFAULT now(),
+  updated_at           TIMESTAMPTZ NOT NULL DEFAULT now()
+);
+
+-- Row Level Security: users can only access their own conversations.
+ALTER TABLE public.ai_conversations ENABLE ROW LEVEL SECURITY;
+
+CREATE POLICY "Users can manage their own ai conversations"
+  ON public.ai_conversations
+  FOR ALL
+  USING  (auth.uid() = user_id)
+  WITH CHECK (auth.uid() = user_id);
+
+-- Index for listing a user's conversations, most recently updated first.
+CREATE INDEX IF NOT EXISTS ai_conversations_user_updated_at_idx
+  ON public.ai_conversations (user_id, updated_at DESC);
+
+-- Messages. Each row stores one message (user or assistant) inside a
+-- conversation. user_id is kept for a simple RLS policy.
+CREATE TABLE IF NOT EXISTS public.ai_messages (
+  id              UUID        PRIMARY KEY DEFAULT gen_random_uuid(),
+  conversation_id UUID        NOT NULL REFERENCES public.ai_conversations(id) ON DELETE CASCADE,
+  user_id         UUID        NOT NULL REFERENCES public.users(id) ON DELETE CASCADE,
+  role            TEXT        NOT NULL CHECK (role IN ('user', 'assistant')),
+  content         TEXT        NOT NULL,
+  created_at      TIMESTAMPTZ NOT NULL DEFAULT now()
+);
+
+-- Row Level Security: users can only access their own messages.
+ALTER TABLE public.ai_messages ENABLE ROW LEVEL SECURITY;
+
+CREATE POLICY "Users can manage their own ai messages"
+  ON public.ai_messages
+  FOR ALL
+  USING  (auth.uid() = user_id)
+  WITH CHECK (auth.uid() = user_id);
+
+-- Index for fast ordered queries within a conversation.
+CREATE INDEX IF NOT EXISTS ai_messages_conversation_created_at_idx
+  ON public.ai_messages (conversation_id, created_at ASC);

package/lib/scaffold/backends/supabase/migrations/20240101000012_stripe_customers.sql

@@ -0,0 +1,36 @@
+-- Stripe (web) subscriptions support + subscription write hardening.
+--
+-- 1. `stripe_customers` maps a Supabase auth user to its single Stripe customer
+--    id, so the checkout/portal Edge Functions can find-or-create one customer
+--    per user.
+-- 2. Hardens `subscriptions` so ONLY the server (service role, used by the
+--    Stripe and RevenueCat webhooks) can write it. The client can only read its
+--    own row. This prevents a client from forging a premium subscription.
+--    Previously a `FOR ALL` policy let a client insert/update its own row.
+
+-- Map auth user -> Stripe customer id. Written only by the server (service role,
+-- which bypasses RLS). Clients may read their own mapping but never write it.
+CREATE TABLE IF NOT EXISTS public.stripe_customers (
+  user_id UUID PRIMARY KEY REFERENCES public.users(id) ON DELETE CASCADE,
+  customer_id TEXT NOT NULL,
+  created_at TIMESTAMPTZ DEFAULT now()
+);
+
+CREATE UNIQUE INDEX IF NOT EXISTS idx_stripe_customers_customer_id
+  ON public.stripe_customers(customer_id);
+
+ALTER TABLE public.stripe_customers ENABLE ROW LEVEL SECURITY;
+
+-- Read-only for the owning user; no insert/update/delete policy => clients
+-- cannot write (only the service role, which bypasses RLS, can).
+DROP POLICY IF EXISTS "Stripe customers read own" ON public.stripe_customers;
+CREATE POLICY "Stripe customers read own" ON public.stripe_customers
+  FOR SELECT USING (auth.uid() = user_id);
+
+-- Harden subscriptions: clients read their own row only; all writes come from
+-- the webhook via the service role. Replaces the previous FOR ALL policy that
+-- allowed a client to insert/update (forge) its own subscription.
+DROP POLICY IF EXISTS "Subscriptions own" ON public.subscriptions;
+DROP POLICY IF EXISTS "Subscriptions read own" ON public.subscriptions;
+CREATE POLICY "Subscriptions read own" ON public.subscriptions
+  FOR SELECT USING (auth.uid() = user_id);

package/lib/scaffold/backends/supabase/migrations/20240101000013_admin_role.sql

@@ -0,0 +1,62 @@
+-- Admin role support
+--
+-- Adds a server-only `role` column to public.users. null/absent = normal user,
+-- 'admin' = administrator (unlocks the admin console's server data). The column
+-- can be written ONLY by the service role (Edge Functions) or the dashboard /
+-- SQL editor — never by the app client, so a user can never promote themselves
+-- to admin. This mirrors the Firebase rule that blocks `role` writes.
+
+ALTER TABLE public.users ADD COLUMN IF NOT EXISTS role TEXT;
+
+-- Guard trigger: the app client (anon / authenticated) can update its own row
+-- but never the `role` column. Privileged roles pass straight through:
+--   - service_role : used by Edge Functions and the dashboard
+--   - postgres / supabase_admin : migrations and the SQL editor
+-- so an admin can still assign roles by hand.
+CREATE OR REPLACE FUNCTION public.enforce_role_immutable()
+RETURNS TRIGGER
+LANGUAGE plpgsql
+AS $$
+BEGIN
+  IF current_user IN ('service_role', 'postgres', 'supabase_admin') THEN
+    RETURN NEW; -- privileged caller: allow the change
+  END IF;
+
+  IF TG_OP = 'INSERT' THEN
+    NEW.role := NULL; -- clients never set a role on signup
+  ELSIF NEW.role IS DISTINCT FROM OLD.role THEN
+    RAISE EXCEPTION 'The role field can only be changed by the server';
+  END IF;
+
+  RETURN NEW;
+END;
+$$;
+
+DROP TRIGGER IF EXISTS users_enforce_role_immutable ON public.users;
+CREATE TRIGGER users_enforce_role_immutable
+  BEFORE INSERT OR UPDATE ON public.users
+  FOR EACH ROW EXECUTE FUNCTION public.enforce_role_immutable();
+
+-- Admin helper: true when the current caller is an administrator. SECURITY
+-- DEFINER so it reads the role regardless of the caller's own RLS (and avoids
+-- policy recursion). Used by admin-only policies below.
+CREATE OR REPLACE FUNCTION public.is_admin()
+RETURNS BOOLEAN
+LANGUAGE sql
+SECURITY DEFINER
+SET search_path = public
+STABLE
+AS $$
+  SELECT EXISTS (
+    SELECT 1 FROM public.users
+    WHERE id = auth.uid() AND role = 'admin'
+  );
+$$;
+
+-- Feature requests moderation (admin console "Requests" tab): only admins can
+-- toggle visibility (active) or edit the localized texts. Voting still flows
+-- through the feature_votes triggers, so this admin policy is the ONLY way a
+-- client can UPDATE feature_requests directly.
+DROP POLICY IF EXISTS "Feature requests admin update" ON public.feature_requests;
+CREATE POLICY "Feature requests admin update" ON public.feature_requests
+  FOR UPDATE USING (public.is_admin()) WITH CHECK (public.is_admin());

package/lib/scaffold/backends/supabase/patch/lib/core/data/entities/user_entity.dart

@@ -16,6 +16,10 @@ sealed class UserEntity with _$UserEntity {
     @JsonKey(name: 'avatar_url') String? avatarPath,
     bool? onboarded,
     String? locale,
+    // Access-control role. null/absent = normal user; "admin" unlocks the admin
+    // console's server data. Server-only: the `users` guard trigger blocks the
+    // client from writing it (set it from the Supabase dashboard / SQL editor).
+    String? role,
   }) = UserEntityData;
 
   const UserEntity._();

package/lib/scaffold/backends/supabase/patch/lib/{environnements.dart → environments.dart}

@@ -6,7 +6,7 @@ import 'package:freezed_annotation/freezed_annotation.dart';
 import 'package:kasy_kit/core/config/app_env.dart';
 import 'package:kasy_kit/core/states/user_state_notifier.dart';
 
-part 'environnements.freezed.dart';
+part 'environments.freezed.dart';
 
 // URLs for terms of service and privacy policy
 const kTermsUrl = '';
@@ -38,10 +38,6 @@ sealed class Environment with _$Environment {
     /// (only if you want to use in-app purchases with RevenueCat)
     String? revenueCatIOSApiKey,
 
-    /// RevenueCat Web Billing API key (rcb_xxx or rcb_sb_xxx)
-    /// (only if you want to use subscriptions on web)
-    String? revenueCatWebApiKey,
-
     /// this is used to open the app store page of your app for reviews
     String? appStoreId,
 
@@ -74,10 +70,6 @@ sealed class Environment with _$Environment {
     /// (only if you want to use in-app purchases with RevenueCat)
     String? revenueCatIOSApiKey,
 
-    /// RevenueCat Web Billing API key (rcb_xxx or rcb_sb_xxx)
-    /// (only if you want to use subscriptions on web)
-    String? revenueCatWebApiKey,
-
     /// only if you want to use ads
     String? androidInterstitialAdUnitId,
 
@@ -114,7 +106,6 @@ sealed class Environment with _$Environment {
           appStoreId: '',
           revenueCatAndroidApiKey: AppEnv.rcAndroidApiKey,
           revenueCatIOSApiKey: AppEnv.rcIosApiKey,
-          revenueCatWebApiKey: AppEnv.rcWebApiKey,
           mixpanelToken: AppEnv.mixpanelToken,
           authenticationMode: AuthenticationMode.anonymous,
         );
@@ -125,7 +116,6 @@ sealed class Environment with _$Environment {
           appStoreId: AppEnv.appStoreId,
           revenueCatAndroidApiKey: AppEnv.rcAndroidApiKey,
           revenueCatIOSApiKey: AppEnv.rcIosApiKey,
-          revenueCatWebApiKey: AppEnv.rcWebApiKey,
           sentryDsn: AppEnv.sentryDsn,
           mixpanelToken: AppEnv.mixpanelToken,
           authenticationMode: AuthenticationMode.anonymous,
@@ -140,8 +130,8 @@ sealed class Environment with _$Environment {
       revenueCatIOSApiKey != null && revenueCatIOSApiKey!.isNotEmpty,
     TargetPlatform.android =>
       revenueCatAndroidApiKey != null && revenueCatAndroidApiKey!.isNotEmpty,
-    _ => kIsWeb &&
-        (revenueCatWebApiKey != null && revenueCatWebApiKey!.isNotEmpty),
+    // RevenueCat is mobile-only; web/desktop are never RevenueCat-configured.
+    _ => false,
   };
 }
 

package/lib/scaffold/backends/supabase/patch/lib/features/ai_chat/api/ai_chat_api.dart

@@ -0,0 +1,95 @@
+import 'package:flutter_riverpod/flutter_riverpod.dart';
+import 'package:logger/logger.dart';
+import 'package:kasy_kit/features/ai_chat/api/ai_chat_conversation_entity.dart';
+import 'package:kasy_kit/features/ai_chat/api/ai_chat_message_entity.dart';
+import 'package:supabase_flutter/supabase_flutter.dart';
+
+final aiChatApiProvider = Provider<AiChatApi>(
+  (ref) => AiChatApi(client: Supabase.instance.client),
+);
+
+const _kConversationsTable = 'ai_conversations';
+const _kMessagesTable = 'ai_messages';
+
+/// One user has many conversations (public.ai_conversations), each with many
+/// messages (public.ai_messages, linked by conversation_id).
+class AiChatApi {
+  final SupabaseClient _client;
+  final Logger _logger = Logger();
+
+  AiChatApi({required SupabaseClient client}) : _client = client;
+
+  // ---------------------------------------------------------------------------
+  // Conversations
+  // ---------------------------------------------------------------------------
+
+  /// Returns the user's conversations, most recently updated first.
+  Future<List<AiChatConversationEntity>> loadConversations(
+    String userId,
+  ) async {
+    final rows = await _client
+        .from(_kConversationsTable)
+        .select()
+        .eq('user_id', userId)
+        .order('updated_at', ascending: false);
+    return rows.map(AiChatConversationEntity.fromJson).toList();
+  }
+
+  /// Creates an empty conversation and returns it (with its generated id).
+  Future<AiChatConversationEntity> createConversation(String userId) async {
+    final row = await _client
+        .from(_kConversationsTable)
+        .insert({'user_id': userId})
+        .select()
+        .single();
+    return AiChatConversationEntity.fromJson(row);
+  }
+
+  /// Deletes a conversation; its messages cascade via the foreign key.
+  Future<void> deleteConversation(String userId, String conversationId) async {
+    await _client.from(_kConversationsTable).delete().eq('id', conversationId);
+  }
+
+  // ---------------------------------------------------------------------------
+  // Messages
+  // ---------------------------------------------------------------------------
+
+  /// Returns all messages in a conversation, oldest first.
+  Future<List<AiChatMessageEntity>> loadMessages(
+    String userId,
+    String conversationId,
+  ) async {
+    final rows = await _client
+        .from(_kMessagesTable)
+        .select()
+        .eq('conversation_id', conversationId)
+        .order('created_at', ascending: true);
+    return rows.map(AiChatMessageEntity.fromJson).toList();
+  }
+
+  /// Persists a message and denormalizes it onto the parent conversation
+  /// (last message preview + updated_at) so the list stays cheap to render.
+  Future<void> saveMessage(
+    String userId,
+    String conversationId,
+    AiChatMessageEntity message,
+  ) async {
+    try {
+      await _client.from(_kMessagesTable).insert({
+        'user_id': userId,
+        'conversation_id': conversationId,
+        ...message.toJson(),
+      });
+      await _client
+          .from(_kConversationsTable)
+          .update({
+            'updated_at': message.createdAt.toUtc().toIso8601String(),
+            'last_message_role': message.role,
+            'last_message_content': message.content,
+          })
+          .eq('id', conversationId);
+    } catch (e) {
+      _logger.e('Failed to persist AI message: $e');
+    }
+  }
+}

package/lib/scaffold/backends/supabase/patch/lib/features/ai_chat/api/ai_chat_conversation_entity.dart

@@ -0,0 +1,52 @@
+/// Supabase row mapping for a single AI chat conversation.
+/// Table: public.ai_conversations
+///
+/// The last message is denormalized onto the conversation so the list can be
+/// rendered with a single query (no need to read each conversation's messages
+/// just to show a preview + timestamp).
+class AiChatConversationEntity {
+  final String id;
+  final DateTime createdAt;
+  final DateTime updatedAt;
+
+  /// Role of the most recent message ('user' or 'assistant'), or null when the
+  /// conversation has no messages yet.
+  final String? lastMessageRole;
+
+  /// Content of the most recent message, or null when empty.
+  final String? lastMessageContent;
+
+  const AiChatConversationEntity({
+    required this.id,
+    required this.createdAt,
+    required this.updatedAt,
+    this.lastMessageRole,
+    this.lastMessageContent,
+  });
+
+  bool get isEmpty => lastMessageContent == null;
+
+  AiChatConversationEntity copyWith({
+    DateTime? updatedAt,
+    String? lastMessageRole,
+    String? lastMessageContent,
+  }) {
+    return AiChatConversationEntity(
+      id: id,
+      createdAt: createdAt,
+      updatedAt: updatedAt ?? this.updatedAt,
+      lastMessageRole: lastMessageRole ?? this.lastMessageRole,
+      lastMessageContent: lastMessageContent ?? this.lastMessageContent,
+    );
+  }
+
+  factory AiChatConversationEntity.fromJson(Map<String, dynamic> json) {
+    return AiChatConversationEntity(
+      id: json['id'] as String,
+      createdAt: DateTime.parse(json['created_at'] as String),
+      updatedAt: DateTime.parse(json['updated_at'] as String),
+      lastMessageRole: json['last_message_role'] as String?,
+      lastMessageContent: json['last_message_content'] as String?,
+    );
+  }
+}

package/lib/scaffold/backends/supabase/patch/lib/features/{llm_chat/api/llm_chat_message_entity.dart → ai_chat/api/ai_chat_message_entity.dart}

@@ -1,20 +1,20 @@
-/// Supabase row mapping for a single LLM chat message.
-/// Table: public.llm_messages
-class LlmChatMessageEntity {
+/// Supabase row mapping for a single AI chat message.
+/// Table: public.ai_messages
+class AiChatMessageEntity {
   final String? id;
   final String role; // 'user' or 'assistant'
   final String content;
   final DateTime createdAt;
 
-  const LlmChatMessageEntity({
+  const AiChatMessageEntity({
     this.id,
     required this.role,
     required this.content,
     required this.createdAt,
   });
 
-  factory LlmChatMessageEntity.fromJson(Map<String, dynamic> json) {
-    return LlmChatMessageEntity(
+  factory AiChatMessageEntity.fromJson(Map<String, dynamic> json) {
+    return AiChatMessageEntity(
       id: json['id'] as String?,
       role: json['role'] as String,
       content: json['content'] as String,