native-update 1.4.9 → 3.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (265) hide show
  1. package/Readme.md +35 -9
  2. package/android/manifest-additions.xml +28 -0
  3. package/android/src/main/AndroidManifest.xml +3 -7
  4. package/android/src/main/java/com/aoneahsan/nativeupdate/BackgroundNotificationManager.kt +21 -13
  5. package/android/src/main/java/com/aoneahsan/nativeupdate/BackgroundUpdatePlugin.kt +15 -0
  6. package/android/src/main/java/com/aoneahsan/nativeupdate/BackgroundUpdateWorker.kt +23 -7
  7. package/android/src/main/java/com/aoneahsan/nativeupdate/LiveUpdatePlugin.kt +346 -31
  8. package/android/src/main/java/com/aoneahsan/nativeupdate/NativeUpdatePlugin.kt +32 -34
  9. package/android/src/main/java/com/aoneahsan/nativeupdate/NotificationActionReceiver.kt +10 -1
  10. package/android/src/main/java/com/aoneahsan/nativeupdate/SecurityManager.kt +18 -18
  11. package/cli/AGENTS.md +43 -0
  12. package/cli/CLAUDE.md +65 -0
  13. package/cli/commands/backend-create.js +56 -15
  14. package/cli/commands/bundle-create.js +39 -7
  15. package/cli/commands/monitor.js +72 -51
  16. package/cli/index.js +10 -24
  17. package/cli/package.json +11 -3
  18. package/dist/esm/app-review/app-review-manager.js +0 -1
  19. package/dist/esm/app-review/index.js +0 -1
  20. package/dist/esm/app-review/platform-review-handler.js +0 -1
  21. package/dist/esm/app-review/review-conditions-checker.js +0 -1
  22. package/dist/esm/app-review/review-rate-limiter.js +0 -1
  23. package/dist/esm/app-review/types.js +0 -1
  24. package/dist/esm/app-update/app-update-checker.js +0 -1
  25. package/dist/esm/app-update/app-update-installer.d.ts +1 -0
  26. package/dist/esm/app-update/app-update-installer.js +19 -8
  27. package/dist/esm/app-update/app-update-manager.js +0 -1
  28. package/dist/esm/app-update/app-update-notifier.js +0 -1
  29. package/dist/esm/app-update/index.js +0 -1
  30. package/dist/esm/app-update/platform-app-update.js +12 -3
  31. package/dist/esm/app-update/types.js +0 -1
  32. package/dist/esm/background-update/background-scheduler.js +0 -1
  33. package/dist/esm/background-update/index.js +0 -1
  34. package/dist/esm/background-update/notification-manager.js +0 -1
  35. package/dist/esm/config/support.js +0 -1
  36. package/dist/esm/core/analytics.d.ts +13 -0
  37. package/dist/esm/core/analytics.js +15 -1
  38. package/dist/esm/core/cache-manager.js +0 -1
  39. package/dist/esm/core/config.d.ts +6 -30
  40. package/dist/esm/core/config.js +1 -8
  41. package/dist/esm/core/errors.d.ts +1 -0
  42. package/dist/esm/core/errors.js +1 -1
  43. package/dist/esm/core/event-emitter.d.ts +0 -3
  44. package/dist/esm/core/event-emitter.js +8 -3
  45. package/dist/esm/core/logger.js +0 -1
  46. package/dist/esm/core/performance.js +0 -1
  47. package/dist/esm/core/plugin-manager.js +3 -1
  48. package/dist/esm/core/security.d.ts +22 -3
  49. package/dist/esm/core/security.js +46 -7
  50. package/dist/esm/definitions.d.ts +13 -40
  51. package/dist/esm/definitions.js +0 -1
  52. package/dist/esm/index.d.ts +3 -4
  53. package/dist/esm/index.js +3 -3
  54. package/dist/esm/live-update/bundle-manager.d.ts +8 -0
  55. package/dist/esm/live-update/bundle-manager.js +20 -1
  56. package/dist/esm/live-update/certificate-pinning.js +0 -1
  57. package/dist/esm/live-update/delta-processor.d.ts +1 -1
  58. package/dist/esm/live-update/delta-processor.js +3 -1
  59. package/dist/esm/live-update/download-manager.d.ts +36 -5
  60. package/dist/esm/live-update/download-manager.js +70 -24
  61. package/dist/esm/live-update/rollout-checker.d.ts +1 -1
  62. package/dist/esm/live-update/rollout-checker.js +5 -6
  63. package/dist/esm/live-update/update-manager.d.ts +12 -1
  64. package/dist/esm/live-update/update-manager.js +38 -11
  65. package/dist/esm/live-update/version-manager.d.ts +9 -12
  66. package/dist/esm/live-update/version-manager.js +40 -68
  67. package/dist/esm/plugin.js +82 -89
  68. package/dist/esm/security/crypto.js +11 -7
  69. package/dist/esm/security/validator.js +0 -1
  70. package/dist/esm/types/rollout.d.ts +85 -0
  71. package/dist/esm/types/rollout.js +25 -0
  72. package/dist/esm/web.d.ts +26 -1
  73. package/dist/esm/web.js +214 -75
  74. package/dist/plugin.cjs.js +1 -2
  75. package/dist/plugin.esm.js +1 -2
  76. package/dist/plugin.js +2 -3
  77. package/docs/AGENTS.md +38 -0
  78. package/docs/CHANGELOG.md +275 -0
  79. package/docs/CLAUDE.md +101 -0
  80. package/docs/MANUAL-TASKS.md +17 -0
  81. package/docs/MARKETING_WEBSITE_TRACKER.md +18 -2
  82. package/docs/MIGRATION.md +170 -0
  83. package/docs/PACKAGES.md +167 -0
  84. package/docs/PERFORMANCE.md +110 -0
  85. package/docs/PROJECT_COMPLETION_TRACKER.md +4 -35
  86. package/docs/README.md +12 -2
  87. package/docs/REMAINING_FEATURES.md +123 -76
  88. package/docs/ROADMAP.md +200 -120
  89. package/docs/SECURITY-IF-REPO-PUBLIC.md +232 -0
  90. package/docs/TESTING_REQUIREMENTS.md +1 -112
  91. package/docs/ai-knowledge-base/00-project-profile.md +38 -0
  92. package/docs/ai-knowledge-base/01-features.md +46 -0
  93. package/docs/ai-knowledge-base/02-routes.md +72 -0
  94. package/docs/ai-knowledge-base/03-tech-stack.md +57 -0
  95. package/docs/ai-knowledge-base/README.md +23 -0
  96. package/docs/analytics-tracking.md +37 -0
  97. package/docs/capacitor-official-plugins.md +46 -0
  98. package/docs/capawesome-plugins.md +29 -0
  99. package/docs/deployment/HOSTINGER_DEPLOY.md +370 -0
  100. package/docs/deployment/PRODUCTION-DEPLOY-CHECKLIST.md +184 -0
  101. package/docs/docs-site/plan.md +201 -0
  102. package/docs/docs-site/scope.md +127 -0
  103. package/docs/docs-site/tracker.json +235 -0
  104. package/docs/error-handling-tracking.md +37 -0
  105. package/docs/features/laravel-nova-backend/ASSESSMENT-SUMMARY.md +96 -0
  106. package/docs/features/laravel-nova-backend/IMPLEMENTATION-PLAN.md +504 -0
  107. package/docs/features/laravel-nova-backend/progress-tracker.json +184 -0
  108. package/docs/guides/testing-guide.md +15 -41
  109. package/docs/package-audit.md +41 -0
  110. package/docs/play-store/ASO-METADATA.md +5 -0
  111. package/docs/play-store/DATA-SAFETY.md +5 -0
  112. package/docs/play-store/DECLARATIONS.md +5 -0
  113. package/docs/play-store/README.md +27 -0
  114. package/docs/play-store/RELEASE-NOTES.md +99 -0
  115. package/docs/play-store/RELEASE-STEPS.md +6 -0
  116. package/docs/play-store/STORE-LISTING.md +7 -0
  117. package/docs/play-store/SUBMISSION-CHECKLIST.md +5 -0
  118. package/docs/production-readiness.md +1 -1
  119. package/docs/project-audit/2026-05-16/00-FINALIZATION-PLAN.md +123 -0
  120. package/docs/project-audit/2026-05-16/01-BATCH-PLAN.md +227 -0
  121. package/docs/project-audit/2026-05-16/02-AUDIT-FINDINGS.md +144 -0
  122. package/docs/project-audit/2026-05-16/sessions/batch-01.md +42 -0
  123. package/docs/project-audit/2026-05-16/sessions/batch-02.md +74 -0
  124. package/docs/project-audit/2026-05-16/sessions/batch-03.md +71 -0
  125. package/docs/project-audit/2026-05-16/sessions/batch-04.md +88 -0
  126. package/docs/project-audit/2026-05-16/sessions/batch-05.md +63 -0
  127. package/docs/project-audit/2026-05-16/sessions/batch-06.md +103 -0
  128. package/docs/project-audit/2026-05-16/sessions/batch-07.md +61 -0
  129. package/docs/project-audit/2026-05-16/sessions/batch-08.md +101 -0
  130. package/docs/project-audit/2026-05-16/sessions/batch-09.md +105 -0
  131. package/docs/project-audit/2026-05-16/sessions/batch-10.md +102 -0
  132. package/docs/project-audit/AUDIT-HISTORY.md +74 -0
  133. package/docs/project-audit/BATCH-PLAN.md +168 -0
  134. package/docs/project-audit/MARKETING-WEBSITE-FINDINGS-2026-05-11.md +73 -0
  135. package/docs/project-audit/PRODUCTION-READINESS-AUDIT-2026-05-08.md +275 -0
  136. package/docs/project-finalization/00-tracker.json +60 -0
  137. package/docs/project-knowledge-base/01-system-overview.md +227 -0
  138. package/docs/project-knowledge-base/02-routes-pages-forms-users.md +352 -0
  139. package/docs/project-knowledge-base/03-tech-stack-modules-services.md +379 -0
  140. package/docs/project-knowledge-base/04-data-models-integrations.md +244 -0
  141. package/docs/project-knowledge-base/05-docs-corpus-inventory.md +256 -0
  142. package/docs/project-knowledge-base/06-operations-testing-legal-content.md +208 -0
  143. package/docs/project-knowledge-base/README.md +103 -0
  144. package/docs/project-profiles/native-update-capacitor-update-platform-project-profile-last-updated-2026-05-19.md +81 -0
  145. package/docs/rules-tracker.md +102 -0
  146. package/docs/security/PRE-LAUNCH-PENTEST-CHECKLIST.md +116 -0
  147. package/docs/seo-aeo-rules.json +3043 -0
  148. package/docs/social-media-marketing/README.md +81 -0
  149. package/docs/social-media-marketing/posts-batch-01.md +613 -0
  150. package/docs/social-media-marketing/posts-batch-02.md +528 -0
  151. package/docs/social-media-marketing/whatsapp-messages-batch-01.md +458 -0
  152. package/docs/social-media-marketing/whatsapp-status-batch-01.md +355 -0
  153. package/docs/tracking/finalization-2026-05-16-tracker.json +346 -0
  154. package/docs/tracking/full-audit-tracker.json +121 -0
  155. package/docs/tracking/production-readiness-audit-tracker.json +429 -0
  156. package/docs/tracking/seo-checklist-tracker.json +333 -0
  157. package/ios/Plugin/BackgroundUpdate/BackgroundUpdatePlugin.swift +66 -9
  158. package/ios/Plugin/LiveUpdate/LiveUpdatePlugin.swift +306 -52
  159. package/ios/Plugin/NativeUpdatePlugin.swift +22 -9
  160. package/ios/Plugin/Security/SecurityManager.swift +13 -14
  161. package/package.json +37 -38
  162. package/cli/node_modules/.yarn-integrity +0 -16
  163. package/cli/node_modules/commander/LICENSE +0 -22
  164. package/cli/node_modules/commander/Readme.md +0 -1148
  165. package/cli/node_modules/commander/esm.mjs +0 -16
  166. package/cli/node_modules/commander/index.js +0 -26
  167. package/cli/node_modules/commander/lib/argument.js +0 -145
  168. package/cli/node_modules/commander/lib/command.js +0 -2179
  169. package/cli/node_modules/commander/lib/error.js +0 -43
  170. package/cli/node_modules/commander/lib/help.js +0 -462
  171. package/cli/node_modules/commander/lib/option.js +0 -329
  172. package/cli/node_modules/commander/lib/suggestSimilar.js +0 -100
  173. package/cli/node_modules/commander/package-support.json +0 -16
  174. package/cli/node_modules/commander/package.json +0 -80
  175. package/cli/node_modules/commander/typings/esm.d.mts +0 -3
  176. package/cli/node_modules/commander/typings/index.d.ts +0 -884
  177. package/cli/yarn.lock +0 -8
  178. package/dist/esm/__tests__/bundle-manager.test.d.ts +0 -1
  179. package/dist/esm/__tests__/bundle-manager.test.js +0 -151
  180. package/dist/esm/__tests__/bundle-manager.test.js.map +0 -1
  181. package/dist/esm/__tests__/config.test.d.ts +0 -1
  182. package/dist/esm/__tests__/config.test.js +0 -70
  183. package/dist/esm/__tests__/config.test.js.map +0 -1
  184. package/dist/esm/__tests__/delta-processor.test.d.ts +0 -1
  185. package/dist/esm/__tests__/delta-processor.test.js +0 -77
  186. package/dist/esm/__tests__/delta-processor.test.js.map +0 -1
  187. package/dist/esm/__tests__/firestore-schema.test.d.ts +0 -1
  188. package/dist/esm/__tests__/firestore-schema.test.js +0 -74
  189. package/dist/esm/__tests__/firestore-schema.test.js.map +0 -1
  190. package/dist/esm/__tests__/integration.test.d.ts +0 -1
  191. package/dist/esm/__tests__/integration.test.js +0 -78
  192. package/dist/esm/__tests__/integration.test.js.map +0 -1
  193. package/dist/esm/__tests__/manifest-reader.test.d.ts +0 -1
  194. package/dist/esm/__tests__/manifest-reader.test.js +0 -271
  195. package/dist/esm/__tests__/manifest-reader.test.js.map +0 -1
  196. package/dist/esm/__tests__/rollout-checker.test.d.ts +0 -1
  197. package/dist/esm/__tests__/rollout-checker.test.js +0 -210
  198. package/dist/esm/__tests__/rollout-checker.test.js.map +0 -1
  199. package/dist/esm/__tests__/security.test.d.ts +0 -1
  200. package/dist/esm/__tests__/security.test.js +0 -54
  201. package/dist/esm/__tests__/security.test.js.map +0 -1
  202. package/dist/esm/__tests__/version-manager.test.d.ts +0 -1
  203. package/dist/esm/__tests__/version-manager.test.js +0 -45
  204. package/dist/esm/__tests__/version-manager.test.js.map +0 -1
  205. package/dist/esm/app-review/app-review-manager.js.map +0 -1
  206. package/dist/esm/app-review/index.js.map +0 -1
  207. package/dist/esm/app-review/platform-review-handler.js.map +0 -1
  208. package/dist/esm/app-review/review-conditions-checker.js.map +0 -1
  209. package/dist/esm/app-review/review-rate-limiter.js.map +0 -1
  210. package/dist/esm/app-review/types.js.map +0 -1
  211. package/dist/esm/app-update/app-update-checker.js.map +0 -1
  212. package/dist/esm/app-update/app-update-installer.js.map +0 -1
  213. package/dist/esm/app-update/app-update-manager.js.map +0 -1
  214. package/dist/esm/app-update/app-update-notifier.js.map +0 -1
  215. package/dist/esm/app-update/index.js.map +0 -1
  216. package/dist/esm/app-update/platform-app-update.js.map +0 -1
  217. package/dist/esm/app-update/types.js.map +0 -1
  218. package/dist/esm/background-update/background-scheduler.js.map +0 -1
  219. package/dist/esm/background-update/index.js.map +0 -1
  220. package/dist/esm/background-update/notification-manager.js.map +0 -1
  221. package/dist/esm/config/support.js.map +0 -1
  222. package/dist/esm/core/analytics.js.map +0 -1
  223. package/dist/esm/core/cache-manager.js.map +0 -1
  224. package/dist/esm/core/config.js.map +0 -1
  225. package/dist/esm/core/errors.js.map +0 -1
  226. package/dist/esm/core/event-emitter.js.map +0 -1
  227. package/dist/esm/core/logger.js.map +0 -1
  228. package/dist/esm/core/performance.js.map +0 -1
  229. package/dist/esm/core/plugin-manager.js.map +0 -1
  230. package/dist/esm/core/security.js.map +0 -1
  231. package/dist/esm/definitions.js.map +0 -1
  232. package/dist/esm/firestore/firestore-client.d.ts +0 -109
  233. package/dist/esm/firestore/firestore-client.js +0 -264
  234. package/dist/esm/firestore/firestore-client.js.map +0 -1
  235. package/dist/esm/firestore/index.d.ts +0 -11
  236. package/dist/esm/firestore/index.js +0 -11
  237. package/dist/esm/firestore/index.js.map +0 -1
  238. package/dist/esm/firestore/manifest-reader.d.ts +0 -87
  239. package/dist/esm/firestore/manifest-reader.js +0 -294
  240. package/dist/esm/firestore/manifest-reader.js.map +0 -1
  241. package/dist/esm/firestore/schema.d.ts +0 -507
  242. package/dist/esm/firestore/schema.js +0 -73
  243. package/dist/esm/firestore/schema.js.map +0 -1
  244. package/dist/esm/index.js.map +0 -1
  245. package/dist/esm/live-update/bundle-manager.js.map +0 -1
  246. package/dist/esm/live-update/certificate-pinning.js.map +0 -1
  247. package/dist/esm/live-update/delta-processor.js.map +0 -1
  248. package/dist/esm/live-update/download-manager.js.map +0 -1
  249. package/dist/esm/live-update/rollout-checker.js.map +0 -1
  250. package/dist/esm/live-update/update-manager.js.map +0 -1
  251. package/dist/esm/live-update/version-manager.js.map +0 -1
  252. package/dist/esm/plugin.js.map +0 -1
  253. package/dist/esm/security/crypto.js.map +0 -1
  254. package/dist/esm/security/validator.js.map +0 -1
  255. package/dist/esm/web.js.map +0 -1
  256. package/dist/plugin.cjs.js.map +0 -1
  257. package/dist/plugin.esm.js.map +0 -1
  258. package/dist/plugin.js.map +0 -1
  259. package/docs/FIREBASE_INTEGRATION_TRACKER.md +0 -321
  260. package/docs/FIREBASE_QUERIES_AND_INDEXES_AUDIT.md +0 -221
  261. package/docs/examples/firebase-backend-example.md +0 -27
  262. package/docs/guides/no-cost-backend-implementation-plan.md +0 -77
  263. package/docs/guides/no-cost-firestore-google-drive-backend.md +0 -60
  264. package/docs/play-console-rejection-rules.json +0 -428
  265. /package/docs/{MARKETING_WEBSITE_PLAN.md → archive/MARKETING_WEBSITE_PLAN.md} +0 -0
package/docs/CHANGELOG.md CHANGED
@@ -5,6 +5,281 @@ All notable changes to this project will be documented in this file.
5
5
  The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
6
6
  and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
7
7
 
8
+ ## [3.1.0] - 2026-07-02
9
+
10
+ ### Added
11
+ - **`exports` map in package.json.** Modern conditional exports
12
+ (`types`/`import`/`require`) with `./dist/*` and `./cli/*` wildcard
13
+ passthrough so existing deep imports keep resolving. Legacy
14
+ `main`/`module`/`types`/`unpkg` fields retained.
15
+ - **`website/.env.production`.** Production builds now always bake the
16
+ production backend URL; the dev `.env` can safely point at localhost.
17
+ - **Composite index `builds(app_id, channel, status, created_at)`.**
18
+ Covers the update-check lookup's sort; removes a filesort from the
19
+ hottest query.
20
+
21
+ ### Changed
22
+ - **Update-check hot path (backend).** The two per-request DB writes
23
+ (device activity + analytics event) now run after the response is
24
+ sent (`dispatch(...)->afterResponse()`), and the latest-build lookup
25
+ is cached for 45s with model-event invalidation. Rollout bucketing
26
+ stays per-device and uncached.
27
+ - **`analytics:cleanup` now also prunes `analytics_events`** in 5000-row
28
+ chunks (previously only device-activity rows; the events table grew
29
+ unboundedly).
30
+ - **Web validateUpdate() reuses downloaded bundle bytes.** Validating a
31
+ bundle right after `download()` no longer re-downloads it to hash.
32
+ - **Landing page animation engine loads lazily** (LazyMotion): ~44 KB
33
+ of framer-motion moves off the first-paint critical path.
34
+ - **Firebase Hosting config consolidated** to the repo root with
35
+ long-lived immutable caching for hashed assets and revalidation for
36
+ HTML.
37
+ - CORS `supports_credentials` disabled (bearer-token auth needs no
38
+ credentialed CORS).
39
+
40
+ ### Removed
41
+ - 9 dead env keys from `website/.env` (Firebase-era), 10 commented-out
42
+ debug lines in `src/web.ts`, 2 framework scaffold test files.
43
+
44
+ ### Fixed
45
+ - Doc drift: backend is Laravel 13 (not 11); the test suite is PHPUnit
46
+ (not Pest); canonical backend host is `nativeupdatebe.aoneahsan.com`.
47
+
48
+ ## [3.0.1] - 2026-05-11
49
+
50
+ ### Added
51
+ - **Documentation site.** A new public Docusaurus documentation site
52
+ ships alongside the marketing site. 58 pages total: SDK reference
53
+ (23), CLI reference (9), Backend setup (5), Platform guides (3),
54
+ Tutorials (2), How-to guides (6), Concepts (6), Getting Started (2),
55
+ About + intro pages. Full Diátaxis coverage. Lives in the sibling
56
+ `native-update-docs/` repository; deployed to Firebase Hosting at
57
+ `docs.nativeupdate.aoneahsan.com`. Discovery files (`robots.txt`
58
+ with 30+ AI-bot allowlist, `llms.txt`, `llms-full.txt`, `humans.txt`,
59
+ `.well-known/security.txt`, `sitemap-index.json`, `sitemap.xml`)
60
+ and 3 JSON-LD blocks per page (WebSite, SoftwareApplication,
61
+ Organization) for AI-search citability.
62
+ - **`docs/security/PRE-LAUNCH-PENTEST-CHECKLIST.md`.** 10-section
63
+ DIY security checklist covering dep hygiene, authentication,
64
+ authorization, CORS/CSRF, bundle integrity, file safety, data
65
+ handling, operational safety, mobile platform integration,
66
+ 9 specific attack paths, and a final sanity sweep.
67
+ - **`docs/PERFORMANCE.md` + `tools/bench/`.** Vitest microbench
68
+ scaffold for the SHA-256 checksum and RSA-SHA256 signature hot
69
+ paths, with calibration targets and a regression-investigation
70
+ workflow.
71
+ - **CI: example-bundle workflow.** `.github/workflows/example-bundle.yml`
72
+ builds, signs, and attaches an OTA bundle from `example-apps/react-capacitor`
73
+ to each GitHub Release. Also runs weekly as a drift-detection canary.
74
+ - **Example-app capability cards.** `example-apps/react-capacitor/src/App.tsx`
75
+ now demonstrates App Update (`getAppUpdateInfo` + `openAppStore`),
76
+ App Review (`canRequestReview` + `requestReview`), and Background
77
+ Update (toggle with `allowMeteredConnection` + `nextCheckTime`)
78
+ alongside the existing Live Update flow. One section per feature
79
+ area.
80
+
81
+ ### Fixed
82
+ - **`website/src/pages/ExamplesPage.tsx`.** Removed the stale third
83
+ example card advertising the `example-apps/firebase-backend`
84
+ directory, which was deleted in v3.0.0. The GitHub source link
85
+ 404'd and the description ("Firestore manifests") contradicted the
86
+ website's own v3 architecture rule.
87
+
88
+ ### Documentation
89
+ - **`docs/project-audit/MARKETING-WEBSITE-FINDINGS-2026-05-11.md`**
90
+ produced by the production-readiness audit Batch 9 sweep. Documents
91
+ 3 deferred follow-ups (stale MDX docs mirror, HomePage missing
92
+ Screenshots/Demo section, DocsPage size violation) and 7 surfaces
93
+ confirmed healthy.
94
+ - **`docs/MARKETING_WEBSITE_TRACKER.md`** annotated as SUPERSEDED with
95
+ a redirect block to the new findings doc.
96
+ - **`example-apps/react-capacitor/README.md`** documents the React 18
97
+ vs 19 version-choice reasoning (the plugin is React-version-agnostic;
98
+ the example pins React 18 to maximise readable audience).
99
+
100
+ ### Closed
101
+ - **Production-readiness audit (10 batches)** initiated 2026-05-08 is
102
+ complete as of 2026-05-11. Authoritative tracker:
103
+ `docs/tracking/production-readiness-audit-tracker.json`. The flow
104
+ enters a 7-day cooldown; next allowed re-run 2026-05-18.
105
+
106
+ ## [3.0.0] - 2026-05-04
107
+
108
+ ### Removed (BREAKING)
109
+ - **Firestore backend.** `backendType: 'firestore'` and the
110
+ `firestore: { … }` config field are gone. The plugin now speaks HTTP
111
+ to a single backend (the hosted Native Update SaaS / Laravel
112
+ reference implementation in `backend/`). Apps using the Firestore
113
+ branch must switch to `serverUrl` + `apiKey` — see
114
+ [MIGRATION.md](./MIGRATION.md#upgrading-v2--v300).
115
+ - **`src/firestore/` module.** `FirestoreClient`, `ManifestReader`,
116
+ `firestore.rules`, `firestore.indexes.json`, the schema types, and
117
+ the `FirestoreConfig` public export are removed.
118
+ - **`example-apps/firebase-backend/`.** The standalone Firebase Cloud
119
+ Functions example is removed; `example-apps/node-express/` is the
120
+ reference HTTP implementation of the `/v1/updates/check` contract.
121
+
122
+ ### Changed
123
+ - Rollout / device-info / update-check types moved to
124
+ `src/types/rollout.ts` and are re-exported from the package root.
125
+ `FirestoreTimestamp` is replaced by `RolloutTimestamp` (`number |
126
+ string | Date`) with a `toEpochMs()` helper.
127
+ - Website auth-service drops the Firestore user-profile mirror. The
128
+ Laravel `ValidateFirebaseToken` middleware already upserts the user
129
+ record from verified token claims on every authenticated request, so
130
+ the client mirror was redundant.
131
+
132
+ ## [2.0.0] - 2026-04-18
133
+
134
+ ### Native (Android + iOS)
135
+ - **Boot-time bundle re-verification.** On every cold start the plugin
136
+ re-hashes the active OTA bundle and compares against the checksum
137
+ stored at install time. If the host app configured a public key and the
138
+ bundle carries a signature, the signature is re-verified too. Mismatch
139
+ triggers an immediate rollback to the previous known-good bundle and
140
+ emits `updateStateChanged` with `status: 'ROLLBACK'`. Closes an
141
+ on-disk-tampering gap on rooted/jailbroken devices.
142
+ - **Automatic rollback on crash loop.** Activating a bundle marks it as
143
+ pending-verify. Each cold start before `notifyAppReady()` fires
144
+ increments a counter; after 2 failed boots the plugin rolls back to
145
+ the previous bundle automatically. Catches a bundle that crashes the
146
+ app before it can tell the plugin it booted cleanly.
147
+ - Bundle metadata now persists the signature alongside checksum so the
148
+ boot re-verify can run without needing the manifest or a re-download.
149
+ - **iOS zip-slip + zip-bomb protection.** Bundle extraction now inspects
150
+ every archive entry before writing to disk: rejects symlinks, absolute
151
+ paths, and any path that resolves outside the destination directory,
152
+ and caps total uncompressed size at 500 MB. A malicious bundle can no
153
+ longer overwrite files outside the sandbox or exhaust device storage.
154
+ (Android does not currently extract bundles in-plugin; when that is
155
+ added, the same validation must be applied.)
156
+ - **Secure storage is now always on.** Android persists secrets only
157
+ through `EncryptedSharedPreferences` (Keystore-backed); iOS persists
158
+ only through the Keychain. The `secureStorage: false` opt-out is
159
+ removed — passing it is ignored. On web, `initialize()` config is
160
+ sanitised before write-through to `localStorage`: `apiKey`, top-level
161
+ and `liveUpdate.publicKey`, and `security.publicKey` are stripped, so
162
+ a compromised script or stale cache cannot surface the credential.
163
+ Host apps must pass the apiKey/publicKey on every `initialize()`.
164
+ - **Android background retries are bounded + backoff-aware.** All three
165
+ enqueue sites (periodic, one-shot, notification-action) now pass
166
+ `setBackoffCriteria(EXPONENTIAL, 30s)`. The worker itself caps at
167
+ 5 retry attempts per run, so a persistently-failing server can no
168
+ longer burn battery in a tight retry loop — total wall-clock budget
169
+ for a failing run is ~15 minutes before falling through to the next
170
+ scheduled tick.
171
+ - **iOS background-task diagnostics.** `BGTaskScheduler.submit` errors
172
+ are now classified (`.notPermitted`, `.tooManyPendingTaskRequests`,
173
+ `.unavailable`) and logged with actionable messages. `.notPermitted`
174
+ almost always means the host app's `Info.plist` is missing the
175
+ scheduler identifier — previously a silent failure. We also cancel
176
+ any prior pending request before resubmitting to dodge the
177
+ "already-scheduled" edge case observed on a few iOS versions. Host
178
+ apps must declare `BGTaskSchedulerPermittedIdentifiers` with
179
+ `com.aoneahsan.nativeupdate.background` in their own Info.plist —
180
+ the framework's plist does not propagate to the app bundle.
181
+
182
+ ### Security (BREAKING)
183
+ - **Signature verification fails closed.** If the host app configures
184
+ `publicKey`, `requireSignature`, or `enableSignatureValidation`, a missing
185
+ signature now throws instead of silently passing. Previously, a manifest
186
+ with the signature field stripped out would bypass all integrity checks.
187
+ - **Checksum verification fails closed.** `verifyChecksum(data, '')` now
188
+ throws. Every OTA bundle manifest must ship a SHA-256 checksum; a missing
189
+ one is treated as tampering.
190
+ - **Monotonic version enforcement persists across reinstalls.** The plugin
191
+ now records the highest version ever applied per channel in Preferences
192
+ and refuses to apply any older bundle — even if the active-bundle state
193
+ was wiped. Closes a downgrade-attack path.
194
+ - **`setUpdateUrl()` is deprecated and ignored at runtime.** The update
195
+ server URL is fixed at `initialize()` time. Runtime mutation was an XSS
196
+ attack path (compromised WebView could repoint updates to a hostile
197
+ host). Re-call `initialize()` to switch servers.
198
+ - **Removed `allowDowngrade` from `UpdateOptions`.** Downgrades are a
199
+ debug/recovery operation and do not belong in a production option flag.
200
+ - **Removed `enableEncryption`, `encryptionKey`, `encryptionSalt` from
201
+ the public API.** Bundle encryption was only wired on the web path and
202
+ never implemented on Android or iOS — the option shipped a false
203
+ guarantee. Sign bundles (RSA-PSS/ECDSA) and serve them over HTTPS; the
204
+ plugin's existing verification is the correct integrity primitive.
205
+
206
+ ### Backend (native-update/backend)
207
+ - API key checksum comparison uses `hash_equals` (timing-safe) — closes a
208
+ byte-by-byte response-time leak on brute-force against short suffixes.
209
+ - Bundle download asserts `build->app_id === authenticated app->id` as
210
+ defense-in-depth beyond the signed URL.
211
+ - Device identifiers are HMAC-SHA256 hashed (keyed by `APP_KEY`) via an
212
+ Eloquent mutator before landing in `analytics_events` and
213
+ `device_activities`. Casual DB access can no longer correlate a row back
214
+ to a specific device.
215
+ - Build upload rejects versions ≤ current channel head unless an explicit
216
+ rollback flow is used. Prevents accidental and malicious downgrades on
217
+ live channels.
218
+ - `GET /api/health` unauth'd endpoint added for Hostinger uptime pings.
219
+ - `/api/v1/*` now carries a route-level `throttle:600,15` as
220
+ defense-in-depth on top of per-key rate limiting in middleware.
221
+ - `.env.example` tightened for production defaults: `APP_ENV=production`,
222
+ `APP_DEBUG=false`, `LOG_LEVEL=warning`, `LOG_CHANNEL=daily`,
223
+ `DB_CONNECTION=mysql`.
224
+ - **Signed bundle URLs include checksum + app_id in their signed payload**
225
+ and `BundleController::download` re-asserts both against the `Build`
226
+ row before streaming. A replayed URL whose Build was flipped to
227
+ archived now returns 403 instead of serving the old bundle.
228
+ - **Signed URL TTL moved from 5 minutes → 30 minutes and made
229
+ configurable** via `NATIVE_UPDATE_DOWNLOAD_TTL_MIN`. Five minutes
230
+ frequently expired mid-download on a slow mobile link.
231
+ - **Bundle downloads stream through Laravel**, never redirect to the
232
+ underlying storage URL — comment enforces the invariant. Keeps auth,
233
+ rate-limit, and audit in one chokepoint.
234
+ - **Signing-key decryption is now per-request memoised** in
235
+ `SigningKey::getPrivateKey()`. `rotate()` and `revoke()` clear the
236
+ cache so stale keys can't leak across a long-running worker.
237
+
238
+ ### Optimization
239
+ - **Resume-download correctness.** `resumeDownload()` now records whether
240
+ the server actually returned HTTP 206 (Partial Content) and decides
241
+ whether to concatenate the partial prefix or discard it accordingly.
242
+ Previously a server that fell back to HTTP 200 (full response)
243
+ silently produced a corrupted bundle by double-writing the prefix —
244
+ a latent corruption bug on CDNs that don't honour Range.
245
+ - **Jittered exponential backoff on download retry.** `downloadWithRetry`
246
+ now adds ±25% random jitter to each retry interval. Avoids the
247
+ thundering-herd scenario where many clients retry in lockstep after a
248
+ common failure (CDN blip, server restart) and hammer a recovering
249
+ server simultaneously.
250
+ - **Auto-cleanup is now the default.** After a successful bundle apply
251
+ the plugin keeps the last 3 bundles (active + 2 recent) and deletes
252
+ the rest. Host apps that want the old every-bundle-forever behavior
253
+ can pass `cleanupOldBundles: false` explicitly.
254
+
255
+ ### Payments (BREAKING)
256
+ - **Stripe + Cashier removed; PayPal (`srmklive/paypal`) takes over.**
257
+ New `SubscriptionController` exposes `subscribe → activate → cancel /
258
+ resume / changePlan` with PayPal's approval-URL flow. Webhook endpoint
259
+ moved from `/api/webhooks/stripe` → `/api/webhooks/paypal`, with a new
260
+ `PayPalWebhookController` that verifies transmissions via PayPal's
261
+ own `verifyWebHook` API.
262
+ - New migration `2026_04_18_000001_add_paypal_provider_to_subscriptions`
263
+ introduces provider-agnostic columns (`provider`,
264
+ `provider_subscription_id`, `provider_status`, `provider_plan_id`) on
265
+ `subscriptions`, `subscription_items`, and `users`. Legacy `stripe_*`
266
+ columns are kept nullable for one release to ease rollback.
267
+ - `.env.example` replaces `STRIPE_*` with `PAYPAL_MODE`,
268
+ `PAYPAL_LIVE_CLIENT_ID / SECRET / APP_ID`, `PAYPAL_PLAN_PRO`,
269
+ `PAYPAL_PLAN_ENTERPRISE`, `PAYPAL_WEBHOOK_ID`.
270
+ - `User` model drops the Cashier `Billable` trait and grows an
271
+ `activeSubscription()` helper against the new schema.
272
+
273
+ ### Migration
274
+ - Apps relying on `allowDowngrade: true` in `UpdateOptions` will fail to
275
+ apply older bundles. Remove the flag and treat rollback as a separate
276
+ flow.
277
+ - Apps passing `enableEncryption`, `encryptionKey`, or `encryptionSalt`
278
+ to `initialize()` or `configure()` will see them silently dropped.
279
+ Rely on signature + checksum verification for integrity.
280
+ - Apps calling `setUpdateUrl()` at runtime will receive a deprecation
281
+ warning and the call is a no-op. Pass `serverUrl` to `initialize()`.
282
+
8
283
  ## [1.4.9] - 2026-03-11
9
284
 
10
285
  ### Added
package/docs/CLAUDE.md ADDED
@@ -0,0 +1,101 @@
1
+ # Native Update - Documentation
2
+
3
+ Comprehensive documentation for the native-update Capacitor plugin and platform.
4
+
5
+ ## 🔴 3-Day Freshness Rule
6
+ Check and update this file at least every 3 days. See root CLAUDE.md.
7
+
8
+ ## Structure
9
+
10
+ | Folder | Purpose |
11
+ |--------|---------|
12
+ | `api/` | API reference documentation |
13
+ | `architecture/` | System architecture docs |
14
+ | `examples/` | Code examples |
15
+ | `features/` | Feature documentation |
16
+ | `getting-started/` | Quick start guides |
17
+ | `guides/` | How-to guides |
18
+ | `plans/` | Development plans and roadmap |
19
+ | `project-knowledge-base/` | AI-readable domain knowledge |
20
+ | `project-profiles/` | Project profile for portfolio/resume |
21
+ | `reports/` | Status and analysis reports |
22
+ | `security/` | Security documentation |
23
+ | `tracking/` | Progress tracker JSON files |
24
+
25
+ ## Key Reference Files
26
+
27
+ | File | Purpose |
28
+ |------|---------|
29
+ | `QUICK_START.md` | Getting started guide |
30
+ | `CHANGELOG.md` | Version history |
31
+ | `ROADMAP.md` | Future plans |
32
+ | `MIGRATION.md` | v1 to v2 migration guide |
33
+ | `SECURITY.md` | Security overview |
34
+ | `KNOWN_LIMITATIONS.md` | Current limitations |
35
+ | `TESTING_REQUIREMENTS.md` | Test guidelines |
36
+ | `SERVER_REQUIREMENTS.md` | Backend requirements |
37
+ | `CLI_REFERENCE.md` | CLI command reference |
38
+
39
+ ## Feature Guides
40
+
41
+ | File | Topic |
42
+ |------|-------|
43
+ | `APP_REVIEW_GUIDE.md` | App review integration |
44
+ | `LIVE_UPDATES_GUIDE.md` | OTA live updates |
45
+ | `NATIVE_UPDATES_GUIDE.md` | App store updates |
46
+ | `BUNDLE_SIGNING.md` | Bundle security signing |
47
+ | `BACKGROUND_UPDATES.md` | Background update processing |
48
+
49
+ ## Project Profile Maintenance Rule
50
+
51
+ **CRITICAL: Keep the dated project profile file current**
52
+
53
+ - Canonical location: `/docs/project-profiles/`
54
+ - Filename pattern: `native-update-capacitor-update-platform-project-profile-last-updated-YYYY-MM-DD.md`
55
+ - Update weekly when project is active, or whenever major features, positioning, roadmap, SEO metadata, resume bullets, or portfolio messaging changes
56
+ - Always update inside: `Reference Date`, `Last Updated`, `Update History`
57
+ - Keep only the most recent 10 update-history records
58
+ - All sub-projects with their own `CLAUDE.md` must follow this same rule
59
+
60
+ ## Root Portfolio File Maintenance Rule
61
+
62
+ - Maintain exactly one root portfolio info file: `NATIVE-UPDATE_portfolio-info_YYYY-MM-DD.md`
63
+ - Refresh only after 7+ days unless a major release or material change happens sooner
64
+ - Keep at most 10 update-history records
65
+ - When portfolio file changes, also update: `README.md`, root `CLAUDE.md`, and the dated project-profile file
66
+
67
+ ## AI Knowledge Base Maintenance Rule
68
+
69
+ **CRITICAL: Keep `/docs/project-knowledge-base/` current**
70
+
71
+ - Update every 2 weeks while project is active
72
+ - Also update when: routes, forms, user roles, docs, legal pages, modules, tech stack, integrations, or backend assumptions change
73
+
74
+ ### Required Files (minimum)
75
+ 1. `README.md` — Knowledge base index
76
+ 2. `01-system-overview.md` — System overview
77
+ 3. `02-routes-pages-forms-users.md` — Routes, pages, forms, user roles
78
+ 4. `03-tech-stack-modules-services.md` — Tech stack, modules, services
79
+ 5. `04-data-models-integrations.md` — Data models, integrations
80
+ 6. `05-docs-corpus-inventory.md` — Documentation inventory
81
+ 7. `06-operations-testing-legal-content.md` — Operations, testing, legal
82
+
83
+ ### Sync Triggers
84
+ - When `/docs` gains or loses files → update `05-docs-corpus-inventory.md`
85
+ - When website routes/pages/forms change → update `02-routes-pages-forms-users.md`
86
+ - When modules/services/schema/integrations change → update `03-tech-stack-modules-services.md` and `04-data-models-integrations.md`
87
+ - Every file must keep `Reference Date` and `Last Updated` current
88
+
89
+ ## Package Update History
90
+
91
+ | Date | Updated By | Notes |
92
+ |------|------------|-------|
93
+ | 2026-03-24 | Codex | Refreshed docs, verified package state |
94
+ | 2026-02-02 | Claude | Full update to latest versions |
95
+
96
+ ## FilesHub Rule (inherited)
97
+ All file storage uses FilesHub API. See root CLAUDE.md.
98
+
99
+ ---
100
+
101
+ **Last Updated**: 2026-04-25
@@ -0,0 +1,17 @@
1
+ # Manual / User-Only Tasks — Native Update
2
+ > The ONE place for everything only you (the human) can do. Fixed path: docs/MANUAL-TASKS.md.
3
+ > Global spec: ~/.claude/rules/manual-tasks.md. Last updated: 2026-07-02
4
+
5
+ ## ⏳ Pending manual tasks
6
+
7
+ | # | Task | Why only you | Detail | Status |
8
+ |---|------|--------------|--------|--------|
9
+ | 1 | 🔴 **URGENT — production backend is DOWN.** Every route on `https://nativeupdatebe.aoneahsan.com` returns HTTP 500 (verified 2026-07-02: root, `/api/v1/updates/check`, `/api/auth/google/redirect`). Dashboard sign-in and mobile update checks are broken in production right now. | Needs Hostinger SSH + server logs | 1) SSH in, read `storage/logs/laravel-*.log` to find the fatal (likely PHP version — **Laravel 13 requires PHP ≥ 8.3**; or a missing `.env` key / uncached config). 2) Deploy the fresh zip from `production-deploy/` per `docs/deployment/HOSTINGER_DEPLOY.md` §6 + §9: unzip → `composer install --no-dev --optimize-autoloader` → `php artisan migrate --force` (applies the new covering index) → `php artisan config:cache && route:cache && view:cache` → `nova:publish`. 3) Confirm the `schedule:run` cron (§5) exists. 4) Smoke: `curl https://nativeupdatebe.aoneahsan.com/api/health`. | ☐ Not started |
10
+ | 2 | Verify the backend **Laravel 11→13 + spatie-permission 6→8** upgrade against the real production DB | Needs the configured MySQL (agent runs tests only on sqlite `:memory:`) | Agent already runs the full suite locally: **134 PHPUnit tests pass** (`cd backend && php artisan test`, sqlite in-memory — all migrations incl. the new `builds_channel_lookup_idx` apply cleanly). Remaining for you: `php artisan migrate --force` against production MySQL (review spatie v8 changes: `php artisan vendor:publish --provider="Spatie\Permission\PermissionServiceProvider"` if prompted), then smoke-test sign-in + RBAC + a build upload. | ☐ Not started |
11
+ | 3 | Ensure production server runs **PHP ≥ 8.3** and **Node ≥ 24.16.0** | Server/host change | Laravel 13 requires PHP 8.3+ (hPanel → PHP Configuration). `engines.node` is ≥24.16.0 across all units (the published `native-update@3.1.0` declares this floor too). The current 500 is very likely a PHP-version mismatch — check this first. | ☐ Not started |
12
+ | 4 | Deploy the Docusaurus docs site (`native-update-docs/`) | Needs Firebase Hosting auth | `cd native-update-docs && yarn build` → `yarn firebase:deploy`. Runbook: `native-update-docs/DEPLOY.md`. (This repo's marketing site + dashboard were deployed by the agent — see Completed.) | ☐ Not started |
13
+ | 5 | On-device OTA verification (Android + iOS) | Device-only; agent cannot run emulators/`cap run` | Per `docs/CLAUDE.md` Bundle/OTA Release Safety: test bundles on both platforms, verify checksum validation + rollback + background-update behavior before any live release. | ☐ Not started |
14
+
15
+ ## ✅ Completed manual tasks
16
+
17
+ (none yet — npm publish + website deploy pending this session's Step F)
@@ -1,8 +1,24 @@
1
1
  # Marketing Website - Progress Tracker
2
2
 
3
3
  **Created:** 2025-12-27
4
- **Last Updated:** 2025-12-27
5
- **Status:** 🔴 Not Started
4
+ **Last Updated:** 2025-12-27 (stale — see note below)
5
+ **Status:** 📦 SUPERSEDED
6
+
7
+ ---
8
+
9
+ ## ⚠️ Stale tracker — superseded as of 2026-05-11
10
+
11
+ This file is a **pre-launch planning artifact** from December 2025. It was never updated as features actually shipped. The 236 unchecked `[ ]` items below do NOT reflect the current state of the live website — most of them correspond to features that are already in production at https://nativeupdate.aoneahsan.com and in the `website/` directory of this repo.
12
+
13
+ **Where to look instead:**
14
+
15
+ - For genuine rendered-on-live-pages gaps as of 2026-05-11, see [docs/project-audit/MARKETING-WEBSITE-FINDINGS-2026-05-11.md](./project-audit/MARKETING-WEBSITE-FINDINGS-2026-05-11.md). That file is the production-readiness audit Batch 9 deliverable.
16
+ - For the per-route SEO + indexing tracker, see [website/docs/tracking/seo-url-coverage.json](../website/docs/tracking/seo-url-coverage.json).
17
+ - For the website's run-history of SEO/AEO/AIO passes (3-day + commit-delta gated), see the `SEO / AEO / AIO Run History` table in [website/CLAUDE.md](../website/CLAUDE.md).
18
+
19
+ **Why this file is kept (not deleted):**
20
+
21
+ History reference only. Reading the items below is a useful "what did we plan vs what shipped" archaeology, especially when onboarding a contributor who wants to understand the project's early scope decisions. If you are chasing what is broken or missing TODAY, do not start here.
6
22
 
7
23
  ---
8
24
 
package/docs/MIGRATION.md CHANGED
@@ -1,5 +1,175 @@
1
1
  # Migration Guide
2
2
 
3
+ ## Upgrading v2 → v3.0.0
4
+
5
+ v3 narrows the plugin to a single, well-supported backend contract: the
6
+ hosted Native Update SaaS at `https://nativeupdate.aoneahsan.com`
7
+ (reference implementation: Laravel 11 + Nova 5 in `backend/`). The
8
+ direct-Firestore branch — `backendType: 'firestore'` plus the
9
+ `firestore: { … }` config — is removed, along with the
10
+ `src/firestore/` schema/client/manifest-reader/rules/indexes and the
11
+ `example-apps/firebase-backend/` example.
12
+
13
+ ### Why
14
+
15
+ The Firestore branch existed so apps could run without any server. In
16
+ practice it pushed a lot of operational work (security rules, indexes,
17
+ billing, Drive token storage) onto every consumer. The SaaS handles all
18
+ of it server-side, so the SDK only needs to know how to call one
19
+ backend.
20
+
21
+ ### Required action
22
+
23
+ #### 1. Drop `backendType` and `firestore` from your config
24
+
25
+ ```diff
26
+ await NativeUpdate.initialize({
27
+ - backendType: 'firestore',
28
+ - firestore: { projectId: '…', appId: 'com.your.app', channel: 'production' },
29
+ + serverUrl: 'https://api.nativeupdate.aoneahsan.com',
30
+ + apiKey: import.meta.env.VITE_NATIVE_UPDATE_API_KEY,
31
+ + publicKey: import.meta.env.VITE_NATIVE_UPDATE_PUBLIC_KEY,
32
+ appId: 'com.your.app',
33
+ channel: 'production',
34
+ });
35
+ ```
36
+
37
+ If you were running your own Firestore project for manifests, register
38
+ your app in the Native Update dashboard, generate an API key, and
39
+ switch to the HTTP config above. The dashboard mirrors every field
40
+ that previously lived in your Firestore manifest.
41
+
42
+ #### 2. Delete any direct Firestore reads from your app code
43
+
44
+ ```diff
45
+ - import { FirestoreConfig } from 'native-update';
46
+ ```
47
+
48
+ The plugin no longer exposes `FirestoreConfig`, `firestore-client`, or
49
+ `manifest-reader`. Update checks happen via
50
+ `NativeUpdate.checkForUpdate()` / `NativeUpdate.sync()`, which now
51
+ always speak HTTP to your configured `serverUrl`.
52
+
53
+ #### 3. Replace `firestore/schema` type imports
54
+
55
+ If you were importing rollout / device / update-check types, switch to
56
+ the new backend-neutral exports:
57
+
58
+ ```diff
59
+ - import type {
60
+ - RolloutConfig,
61
+ - RolloutTargetSegments,
62
+ - DeviceInfo,
63
+ - UpdateCheckResponse,
64
+ - } from 'native-update/firestore';
65
+ + import type {
66
+ + RolloutConfig,
67
+ + RolloutTargetSegments,
68
+ + DeviceInfo,
69
+ + UpdateCheckResponse,
70
+ + } from 'native-update';
71
+ ```
72
+
73
+ `FirestoreTimestamp` is replaced by `RolloutTimestamp` (`number |
74
+ string | Date`); a `toEpochMs()` helper handles all three forms.
75
+
76
+ ### Not affected
77
+
78
+ - Bundle download, verification, install, rollback, boot-time
79
+ re-verify, and crash-loop auto-rollback are unchanged.
80
+ - Native Android / iOS plugin code is unchanged.
81
+ - App store update checks (`AppUpdate`) and in-app review prompts
82
+ (`AppReview`) are unchanged.
83
+
84
+ ---
85
+
86
+ ## Upgrading v1 → v2.0.0
87
+
88
+ v2 is a security-focused hardening release with a handful of breaking
89
+ changes. Every change is either (a) a credential-hardening tightening
90
+ that removes a silent-pass path, or (b) a feature removal for an option
91
+ that was documented but never actually implemented. Typical integrations
92
+ need only 2–3 config edits.
93
+
94
+ ### Required action
95
+
96
+ #### 1. Re-pass `apiKey` / `publicKey` on every `initialize()`
97
+
98
+ v1 persisted config (including `apiKey` and `publicKey`) to
99
+ `localStorage` / `SharedPreferences` / `UserDefaults`. v2 strips these
100
+ fields before persistence on every platform. Your app must provide them
101
+ on every `initialize()` call instead of relying on the cached copy.
102
+
103
+ ```ts
104
+ await NativeUpdate.initialize({
105
+ serverUrl: import.meta.env.VITE_NATIVE_UPDATE_API_URL,
106
+ apiKey: import.meta.env.VITE_NATIVE_UPDATE_API_KEY,
107
+ publicKey: import.meta.env.VITE_NATIVE_UPDATE_PUBLIC_KEY,
108
+ appId: 'com.your.app',
109
+ channel: 'production',
110
+ });
111
+ ```
112
+
113
+ If you relied on a "call initialize once, then continue" pattern without
114
+ re-passing the key, sync + download calls will fail with
115
+ "API key not configured" after the first cold start.
116
+
117
+ #### 2. Remove `enableEncryption`, `encryptionKey`, `encryptionSalt`
118
+
119
+ These options claimed AES-256-GCM bundle encryption but were only wired
120
+ on the web platform and never on Android/iOS — they shipped a false
121
+ guarantee. v2 removes them from the public API.
122
+
123
+ #### 3. Remove `allowDowngrade` from `UpdateOptions`
124
+
125
+ Downgrades are a debug / recovery operation, not a production flag.
126
+ v2 removes the option and always blocks downgrades against the
127
+ persisted high-water mark per channel.
128
+
129
+ #### 4. Stop calling `setUpdateUrl()` at runtime
130
+
131
+ `setUpdateUrl()` is deprecated and now a no-op. Server URL is fixed at
132
+ `initialize()` to close an XSS-repoint attack path. Re-call
133
+ `initialize()` with the new config if you legitimately need to switch
134
+ servers.
135
+
136
+ #### 5. iOS host-app Info.plist for background updates
137
+
138
+ If you use `enableBackgroundUpdates` on iOS, add to your app's own
139
+ `Info.plist`:
140
+
141
+ ```xml
142
+ <key>UIBackgroundModes</key>
143
+ <array><string>background-app-refresh</string></array>
144
+ <key>BGTaskSchedulerPermittedIdentifiers</key>
145
+ <array><string>com.aoneahsan.nativeupdate.background</string></array>
146
+ ```
147
+
148
+ Without these, iOS silently refuses to register the background task.
149
+ v2 surfaces an actionable error in `backgroundUpdateStatus.lastError`.
150
+
151
+ ### Behaviour that changed (no action needed)
152
+
153
+ - Signature verification fails closed when a `publicKey` is configured.
154
+ - Active bundle is re-hashed + re-signature-verified on every cold start.
155
+ - 2 failed cold starts without `notifyAppReady()` trigger auto-rollback.
156
+ - 3 most recent bundles kept by default (pass `cleanupOldBundles: false`
157
+ to opt out).
158
+ - Jittered exponential backoff on retries.
159
+ - Android WorkManager background jobs cap at 5 retries.
160
+
161
+ ### Backend changes (if self-hosting)
162
+
163
+ - Stripe → PayPal swap via `srmklive/paypal`. Run `composer update`,
164
+ apply the new migration, set `PAYPAL_*` env vars. See
165
+ `/docs/deployment/HOSTINGER_DEPLOY.md`.
166
+ - Signed URL TTL moved 5min → 30min, configurable via
167
+ `NATIVE_UPDATE_DOWNLOAD_TTL_MIN`.
168
+ - Device IDs HMAC-SHA256 hashed at DB write. New rows only — existing
169
+ rows are not backfilled.
170
+
171
+ ---
172
+
3
173
  ## Migrating from Other Update Solutions
4
174
 
5
175
  ### From Capacitor Live Updates (Official)