native-update 1.4.9 → 3.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/Readme.md +35 -9
- package/android/manifest-additions.xml +28 -0
- package/android/src/main/AndroidManifest.xml +3 -7
- package/android/src/main/java/com/aoneahsan/nativeupdate/BackgroundNotificationManager.kt +21 -13
- package/android/src/main/java/com/aoneahsan/nativeupdate/BackgroundUpdatePlugin.kt +15 -0
- package/android/src/main/java/com/aoneahsan/nativeupdate/BackgroundUpdateWorker.kt +23 -7
- package/android/src/main/java/com/aoneahsan/nativeupdate/LiveUpdatePlugin.kt +346 -31
- package/android/src/main/java/com/aoneahsan/nativeupdate/NativeUpdatePlugin.kt +32 -34
- package/android/src/main/java/com/aoneahsan/nativeupdate/NotificationActionReceiver.kt +10 -1
- package/android/src/main/java/com/aoneahsan/nativeupdate/SecurityManager.kt +18 -18
- package/cli/AGENTS.md +43 -0
- package/cli/CLAUDE.md +65 -0
- package/cli/commands/backend-create.js +56 -15
- package/cli/commands/bundle-create.js +39 -7
- package/cli/commands/monitor.js +72 -51
- package/cli/index.js +10 -24
- package/cli/package.json +11 -3
- package/dist/esm/app-review/app-review-manager.js +0 -1
- package/dist/esm/app-review/index.js +0 -1
- package/dist/esm/app-review/platform-review-handler.js +0 -1
- package/dist/esm/app-review/review-conditions-checker.js +0 -1
- package/dist/esm/app-review/review-rate-limiter.js +0 -1
- package/dist/esm/app-review/types.js +0 -1
- package/dist/esm/app-update/app-update-checker.js +0 -1
- package/dist/esm/app-update/app-update-installer.d.ts +1 -0
- package/dist/esm/app-update/app-update-installer.js +19 -8
- package/dist/esm/app-update/app-update-manager.js +0 -1
- package/dist/esm/app-update/app-update-notifier.js +0 -1
- package/dist/esm/app-update/index.js +0 -1
- package/dist/esm/app-update/platform-app-update.js +12 -3
- package/dist/esm/app-update/types.js +0 -1
- package/dist/esm/background-update/background-scheduler.js +0 -1
- package/dist/esm/background-update/index.js +0 -1
- package/dist/esm/background-update/notification-manager.js +0 -1
- package/dist/esm/config/support.js +0 -1
- package/dist/esm/core/analytics.d.ts +13 -0
- package/dist/esm/core/analytics.js +15 -1
- package/dist/esm/core/cache-manager.js +0 -1
- package/dist/esm/core/config.d.ts +6 -30
- package/dist/esm/core/config.js +1 -8
- package/dist/esm/core/errors.d.ts +1 -0
- package/dist/esm/core/errors.js +1 -1
- package/dist/esm/core/event-emitter.d.ts +0 -3
- package/dist/esm/core/event-emitter.js +8 -3
- package/dist/esm/core/logger.js +0 -1
- package/dist/esm/core/performance.js +0 -1
- package/dist/esm/core/plugin-manager.js +3 -1
- package/dist/esm/core/security.d.ts +22 -3
- package/dist/esm/core/security.js +46 -7
- package/dist/esm/definitions.d.ts +13 -40
- package/dist/esm/definitions.js +0 -1
- package/dist/esm/index.d.ts +3 -4
- package/dist/esm/index.js +3 -3
- package/dist/esm/live-update/bundle-manager.d.ts +8 -0
- package/dist/esm/live-update/bundle-manager.js +20 -1
- package/dist/esm/live-update/certificate-pinning.js +0 -1
- package/dist/esm/live-update/delta-processor.d.ts +1 -1
- package/dist/esm/live-update/delta-processor.js +3 -1
- package/dist/esm/live-update/download-manager.d.ts +36 -5
- package/dist/esm/live-update/download-manager.js +70 -24
- package/dist/esm/live-update/rollout-checker.d.ts +1 -1
- package/dist/esm/live-update/rollout-checker.js +5 -6
- package/dist/esm/live-update/update-manager.d.ts +12 -1
- package/dist/esm/live-update/update-manager.js +38 -11
- package/dist/esm/live-update/version-manager.d.ts +9 -12
- package/dist/esm/live-update/version-manager.js +40 -68
- package/dist/esm/plugin.js +82 -89
- package/dist/esm/security/crypto.js +11 -7
- package/dist/esm/security/validator.js +0 -1
- package/dist/esm/types/rollout.d.ts +85 -0
- package/dist/esm/types/rollout.js +25 -0
- package/dist/esm/web.d.ts +26 -1
- package/dist/esm/web.js +214 -75
- package/dist/plugin.cjs.js +1 -2
- package/dist/plugin.esm.js +1 -2
- package/dist/plugin.js +2 -3
- package/docs/AGENTS.md +38 -0
- package/docs/CHANGELOG.md +275 -0
- package/docs/CLAUDE.md +101 -0
- package/docs/MANUAL-TASKS.md +17 -0
- package/docs/MARKETING_WEBSITE_TRACKER.md +18 -2
- package/docs/MIGRATION.md +170 -0
- package/docs/PACKAGES.md +167 -0
- package/docs/PERFORMANCE.md +110 -0
- package/docs/PROJECT_COMPLETION_TRACKER.md +4 -35
- package/docs/README.md +12 -2
- package/docs/REMAINING_FEATURES.md +123 -76
- package/docs/ROADMAP.md +200 -120
- package/docs/SECURITY-IF-REPO-PUBLIC.md +232 -0
- package/docs/TESTING_REQUIREMENTS.md +1 -112
- package/docs/ai-knowledge-base/00-project-profile.md +38 -0
- package/docs/ai-knowledge-base/01-features.md +46 -0
- package/docs/ai-knowledge-base/02-routes.md +72 -0
- package/docs/ai-knowledge-base/03-tech-stack.md +57 -0
- package/docs/ai-knowledge-base/README.md +23 -0
- package/docs/analytics-tracking.md +37 -0
- package/docs/capacitor-official-plugins.md +46 -0
- package/docs/capawesome-plugins.md +29 -0
- package/docs/deployment/HOSTINGER_DEPLOY.md +370 -0
- package/docs/deployment/PRODUCTION-DEPLOY-CHECKLIST.md +184 -0
- package/docs/docs-site/plan.md +201 -0
- package/docs/docs-site/scope.md +127 -0
- package/docs/docs-site/tracker.json +235 -0
- package/docs/error-handling-tracking.md +37 -0
- package/docs/features/laravel-nova-backend/ASSESSMENT-SUMMARY.md +96 -0
- package/docs/features/laravel-nova-backend/IMPLEMENTATION-PLAN.md +504 -0
- package/docs/features/laravel-nova-backend/progress-tracker.json +184 -0
- package/docs/guides/testing-guide.md +15 -41
- package/docs/package-audit.md +41 -0
- package/docs/play-store/ASO-METADATA.md +5 -0
- package/docs/play-store/DATA-SAFETY.md +5 -0
- package/docs/play-store/DECLARATIONS.md +5 -0
- package/docs/play-store/README.md +27 -0
- package/docs/play-store/RELEASE-NOTES.md +99 -0
- package/docs/play-store/RELEASE-STEPS.md +6 -0
- package/docs/play-store/STORE-LISTING.md +7 -0
- package/docs/play-store/SUBMISSION-CHECKLIST.md +5 -0
- package/docs/production-readiness.md +1 -1
- package/docs/project-audit/2026-05-16/00-FINALIZATION-PLAN.md +123 -0
- package/docs/project-audit/2026-05-16/01-BATCH-PLAN.md +227 -0
- package/docs/project-audit/2026-05-16/02-AUDIT-FINDINGS.md +144 -0
- package/docs/project-audit/2026-05-16/sessions/batch-01.md +42 -0
- package/docs/project-audit/2026-05-16/sessions/batch-02.md +74 -0
- package/docs/project-audit/2026-05-16/sessions/batch-03.md +71 -0
- package/docs/project-audit/2026-05-16/sessions/batch-04.md +88 -0
- package/docs/project-audit/2026-05-16/sessions/batch-05.md +63 -0
- package/docs/project-audit/2026-05-16/sessions/batch-06.md +103 -0
- package/docs/project-audit/2026-05-16/sessions/batch-07.md +61 -0
- package/docs/project-audit/2026-05-16/sessions/batch-08.md +101 -0
- package/docs/project-audit/2026-05-16/sessions/batch-09.md +105 -0
- package/docs/project-audit/2026-05-16/sessions/batch-10.md +102 -0
- package/docs/project-audit/AUDIT-HISTORY.md +74 -0
- package/docs/project-audit/BATCH-PLAN.md +168 -0
- package/docs/project-audit/MARKETING-WEBSITE-FINDINGS-2026-05-11.md +73 -0
- package/docs/project-audit/PRODUCTION-READINESS-AUDIT-2026-05-08.md +275 -0
- package/docs/project-finalization/00-tracker.json +60 -0
- package/docs/project-knowledge-base/01-system-overview.md +227 -0
- package/docs/project-knowledge-base/02-routes-pages-forms-users.md +352 -0
- package/docs/project-knowledge-base/03-tech-stack-modules-services.md +379 -0
- package/docs/project-knowledge-base/04-data-models-integrations.md +244 -0
- package/docs/project-knowledge-base/05-docs-corpus-inventory.md +256 -0
- package/docs/project-knowledge-base/06-operations-testing-legal-content.md +208 -0
- package/docs/project-knowledge-base/README.md +103 -0
- package/docs/project-profiles/native-update-capacitor-update-platform-project-profile-last-updated-2026-05-19.md +81 -0
- package/docs/rules-tracker.md +102 -0
- package/docs/security/PRE-LAUNCH-PENTEST-CHECKLIST.md +116 -0
- package/docs/seo-aeo-rules.json +3043 -0
- package/docs/social-media-marketing/README.md +81 -0
- package/docs/social-media-marketing/posts-batch-01.md +613 -0
- package/docs/social-media-marketing/posts-batch-02.md +528 -0
- package/docs/social-media-marketing/whatsapp-messages-batch-01.md +458 -0
- package/docs/social-media-marketing/whatsapp-status-batch-01.md +355 -0
- package/docs/tracking/finalization-2026-05-16-tracker.json +346 -0
- package/docs/tracking/full-audit-tracker.json +121 -0
- package/docs/tracking/production-readiness-audit-tracker.json +429 -0
- package/docs/tracking/seo-checklist-tracker.json +333 -0
- package/ios/Plugin/BackgroundUpdate/BackgroundUpdatePlugin.swift +66 -9
- package/ios/Plugin/LiveUpdate/LiveUpdatePlugin.swift +306 -52
- package/ios/Plugin/NativeUpdatePlugin.swift +22 -9
- package/ios/Plugin/Security/SecurityManager.swift +13 -14
- package/package.json +37 -38
- package/cli/node_modules/.yarn-integrity +0 -16
- package/cli/node_modules/commander/LICENSE +0 -22
- package/cli/node_modules/commander/Readme.md +0 -1148
- package/cli/node_modules/commander/esm.mjs +0 -16
- package/cli/node_modules/commander/index.js +0 -26
- package/cli/node_modules/commander/lib/argument.js +0 -145
- package/cli/node_modules/commander/lib/command.js +0 -2179
- package/cli/node_modules/commander/lib/error.js +0 -43
- package/cli/node_modules/commander/lib/help.js +0 -462
- package/cli/node_modules/commander/lib/option.js +0 -329
- package/cli/node_modules/commander/lib/suggestSimilar.js +0 -100
- package/cli/node_modules/commander/package-support.json +0 -16
- package/cli/node_modules/commander/package.json +0 -80
- package/cli/node_modules/commander/typings/esm.d.mts +0 -3
- package/cli/node_modules/commander/typings/index.d.ts +0 -884
- package/cli/yarn.lock +0 -8
- package/dist/esm/__tests__/bundle-manager.test.d.ts +0 -1
- package/dist/esm/__tests__/bundle-manager.test.js +0 -151
- package/dist/esm/__tests__/bundle-manager.test.js.map +0 -1
- package/dist/esm/__tests__/config.test.d.ts +0 -1
- package/dist/esm/__tests__/config.test.js +0 -70
- package/dist/esm/__tests__/config.test.js.map +0 -1
- package/dist/esm/__tests__/delta-processor.test.d.ts +0 -1
- package/dist/esm/__tests__/delta-processor.test.js +0 -77
- package/dist/esm/__tests__/delta-processor.test.js.map +0 -1
- package/dist/esm/__tests__/firestore-schema.test.d.ts +0 -1
- package/dist/esm/__tests__/firestore-schema.test.js +0 -74
- package/dist/esm/__tests__/firestore-schema.test.js.map +0 -1
- package/dist/esm/__tests__/integration.test.d.ts +0 -1
- package/dist/esm/__tests__/integration.test.js +0 -78
- package/dist/esm/__tests__/integration.test.js.map +0 -1
- package/dist/esm/__tests__/manifest-reader.test.d.ts +0 -1
- package/dist/esm/__tests__/manifest-reader.test.js +0 -271
- package/dist/esm/__tests__/manifest-reader.test.js.map +0 -1
- package/dist/esm/__tests__/rollout-checker.test.d.ts +0 -1
- package/dist/esm/__tests__/rollout-checker.test.js +0 -210
- package/dist/esm/__tests__/rollout-checker.test.js.map +0 -1
- package/dist/esm/__tests__/security.test.d.ts +0 -1
- package/dist/esm/__tests__/security.test.js +0 -54
- package/dist/esm/__tests__/security.test.js.map +0 -1
- package/dist/esm/__tests__/version-manager.test.d.ts +0 -1
- package/dist/esm/__tests__/version-manager.test.js +0 -45
- package/dist/esm/__tests__/version-manager.test.js.map +0 -1
- package/dist/esm/app-review/app-review-manager.js.map +0 -1
- package/dist/esm/app-review/index.js.map +0 -1
- package/dist/esm/app-review/platform-review-handler.js.map +0 -1
- package/dist/esm/app-review/review-conditions-checker.js.map +0 -1
- package/dist/esm/app-review/review-rate-limiter.js.map +0 -1
- package/dist/esm/app-review/types.js.map +0 -1
- package/dist/esm/app-update/app-update-checker.js.map +0 -1
- package/dist/esm/app-update/app-update-installer.js.map +0 -1
- package/dist/esm/app-update/app-update-manager.js.map +0 -1
- package/dist/esm/app-update/app-update-notifier.js.map +0 -1
- package/dist/esm/app-update/index.js.map +0 -1
- package/dist/esm/app-update/platform-app-update.js.map +0 -1
- package/dist/esm/app-update/types.js.map +0 -1
- package/dist/esm/background-update/background-scheduler.js.map +0 -1
- package/dist/esm/background-update/index.js.map +0 -1
- package/dist/esm/background-update/notification-manager.js.map +0 -1
- package/dist/esm/config/support.js.map +0 -1
- package/dist/esm/core/analytics.js.map +0 -1
- package/dist/esm/core/cache-manager.js.map +0 -1
- package/dist/esm/core/config.js.map +0 -1
- package/dist/esm/core/errors.js.map +0 -1
- package/dist/esm/core/event-emitter.js.map +0 -1
- package/dist/esm/core/logger.js.map +0 -1
- package/dist/esm/core/performance.js.map +0 -1
- package/dist/esm/core/plugin-manager.js.map +0 -1
- package/dist/esm/core/security.js.map +0 -1
- package/dist/esm/definitions.js.map +0 -1
- package/dist/esm/firestore/firestore-client.d.ts +0 -109
- package/dist/esm/firestore/firestore-client.js +0 -264
- package/dist/esm/firestore/firestore-client.js.map +0 -1
- package/dist/esm/firestore/index.d.ts +0 -11
- package/dist/esm/firestore/index.js +0 -11
- package/dist/esm/firestore/index.js.map +0 -1
- package/dist/esm/firestore/manifest-reader.d.ts +0 -87
- package/dist/esm/firestore/manifest-reader.js +0 -294
- package/dist/esm/firestore/manifest-reader.js.map +0 -1
- package/dist/esm/firestore/schema.d.ts +0 -507
- package/dist/esm/firestore/schema.js +0 -73
- package/dist/esm/firestore/schema.js.map +0 -1
- package/dist/esm/index.js.map +0 -1
- package/dist/esm/live-update/bundle-manager.js.map +0 -1
- package/dist/esm/live-update/certificate-pinning.js.map +0 -1
- package/dist/esm/live-update/delta-processor.js.map +0 -1
- package/dist/esm/live-update/download-manager.js.map +0 -1
- package/dist/esm/live-update/rollout-checker.js.map +0 -1
- package/dist/esm/live-update/update-manager.js.map +0 -1
- package/dist/esm/live-update/version-manager.js.map +0 -1
- package/dist/esm/plugin.js.map +0 -1
- package/dist/esm/security/crypto.js.map +0 -1
- package/dist/esm/security/validator.js.map +0 -1
- package/dist/esm/web.js.map +0 -1
- package/dist/plugin.cjs.js.map +0 -1
- package/dist/plugin.esm.js.map +0 -1
- package/dist/plugin.js.map +0 -1
- package/docs/FIREBASE_INTEGRATION_TRACKER.md +0 -321
- package/docs/FIREBASE_QUERIES_AND_INDEXES_AUDIT.md +0 -221
- package/docs/examples/firebase-backend-example.md +0 -27
- package/docs/guides/no-cost-backend-implementation-plan.md +0 -77
- package/docs/guides/no-cost-firestore-google-drive-backend.md +0 -60
- package/docs/play-console-rejection-rules.json +0 -428
- /package/docs/{MARKETING_WEBSITE_PLAN.md → archive/MARKETING_WEBSITE_PLAN.md} +0 -0
package/docs/ROADMAP.md
CHANGED
|
@@ -1,15 +1,15 @@
|
|
|
1
|
-
# Capacitor Native Update
|
|
1
|
+
# Capacitor Native Update — Development Roadmap
|
|
2
2
|
|
|
3
|
-
**Last Updated:** 2026-
|
|
4
|
-
**Status:** ✅
|
|
3
|
+
**Last Updated:** 2026-05-18
|
|
4
|
+
**Status:** ✅ Production Ready — Play-Store-publishable end-to-end (finalization audit closed 2026-05-16; cooldown until 2026-05-23)
|
|
5
5
|
|
|
6
|
-
This document outlines the development phases and their completion status.
|
|
6
|
+
This document outlines the development phases and their completion status. For the authoritative timeline of who-shipped-what-when, see the root `CLAUDE.md` Audit Record + `docs/CHANGELOG.md`.
|
|
7
7
|
|
|
8
8
|
---
|
|
9
9
|
|
|
10
10
|
## ✅ Current Status: Production Ready
|
|
11
11
|
|
|
12
|
-
The plugin provides complete OTA update functionality with native implementations for iOS and Android, comprehensive documentation, example applications, and
|
|
12
|
+
The plugin provides complete OTA update functionality with native implementations for iOS and Android, a Laravel 13 + Nova 5 SaaS backend with Sanctum-token auth + Spatie RBAC, comprehensive documentation (including a public Docusaurus docs site with 58 pages), example applications, CLI release-management tooling, and a Capacitor-wrapped React dashboard that is Play-Store-publishable end-to-end.
|
|
13
13
|
|
|
14
14
|
---
|
|
15
15
|
|
|
@@ -18,157 +18,233 @@ The plugin provides complete OTA update functionality with native implementation
|
|
|
18
18
|
### 1. Backend Infrastructure ✅ COMPLETE
|
|
19
19
|
|
|
20
20
|
#### Update Server
|
|
21
|
-
|
|
21
|
+
|
|
22
|
+
- [x] Laravel 13 + Nova 5 SaaS backend (`backend/` — the only backend after v3.0.0)
|
|
23
|
+
- [x] REST API endpoints for update management (`/api/dashboard/*` for the dashboard, `/api/v1/*` for the mobile plane)
|
|
22
24
|
- [x] Version management system
|
|
23
|
-
- [x] Bundle storage and retrieval (Google Drive
|
|
25
|
+
- [x] Bundle storage and retrieval (Google Drive via server-side OAuth)
|
|
24
26
|
- [x] Update manifest generation
|
|
25
27
|
- [x] Channel management (production, staging, development)
|
|
26
28
|
- [x] Analytics endpoints
|
|
29
|
+
- [x] Rollout config (percentage + pause/resume + targetSegments JSON) on the `builds` table
|
|
30
|
+
- [x] FormRequest validators on every mutating endpoint
|
|
31
|
+
- [x] env-driven CORS allowlist
|
|
32
|
+
- [x] PayPal webhook + Stripe subscription model
|
|
33
|
+
|
|
34
|
+
#### Auth + Identity
|
|
35
|
+
|
|
36
|
+
- [x] Laravel Socialite (Google OAuth) — only sign-in method
|
|
37
|
+
- [x] Sanctum personal access tokens (default 7-day TTL; configurable via `SANCTUM_TOKEN_EXPIRATION`)
|
|
38
|
+
- [x] `spatie/laravel-permission` RBAC with `super-admin`, `admin`, `user` roles
|
|
39
|
+
- [x] Per-route `can:<permission>` middleware on every dashboard/admin endpoint
|
|
40
|
+
- [x] `Gate::before` super-admin bypass
|
|
41
|
+
- [x] `php artisan native-update:role-assign <email> <role>` command for ops-driven role changes
|
|
42
|
+
- [x] Per-app `ValidateApiKey` middleware for the mobile `/api/v1/*` plane (separate from Sanctum)
|
|
27
43
|
|
|
28
44
|
#### Security Infrastructure
|
|
45
|
+
|
|
29
46
|
- [x] Bundle signing service (CLI tools)
|
|
30
|
-
- [x] Public/private key generation
|
|
47
|
+
- [x] Public/private key generation (RSA-2048 / RSA-4096 / EC P-256 / EC P-384)
|
|
31
48
|
- [x] Checksum generation (SHA-256)
|
|
32
|
-
- [x] Signature verification
|
|
49
|
+
- [x] Signature verification (RSA-SHA256 / ECDSA)
|
|
50
|
+
- [x] Encrypted Drive OAuth token storage (Laravel encrypter)
|
|
51
|
+
- [x] Hashed-at-rest Sanctum tokens
|
|
33
52
|
|
|
34
53
|
#### Example Backends
|
|
54
|
+
|
|
35
55
|
- [x] Node.js + Express example (`example-apps/node-express/`)
|
|
36
|
-
- [x] Firebase Cloud Functions example (`example-apps/firebase-backend/`)
|
|
37
56
|
- [x] Google Drive integration for storage
|
|
38
57
|
|
|
58
|
+
(Note: `example-apps/firebase-backend/` was removed in v3.0.0; the project no longer carries a Firebase backend example.)
|
|
59
|
+
|
|
39
60
|
### 2. Native Platform Implementation ✅ COMPLETE
|
|
40
61
|
|
|
41
62
|
#### iOS (Swift)
|
|
42
|
-
|
|
43
|
-
- [x]
|
|
44
|
-
- [x]
|
|
45
|
-
- [x]
|
|
46
|
-
- [x]
|
|
47
|
-
- [x]
|
|
48
|
-
- [x]
|
|
63
|
+
|
|
64
|
+
- [x] NativeUpdatePlugin.swift — Main plugin
|
|
65
|
+
- [x] LiveUpdatePlugin.swift — OTA updates
|
|
66
|
+
- [x] BundleManager (bundle handling)
|
|
67
|
+
- [x] AppUpdatePlugin.swift — App store updates
|
|
68
|
+
- [x] AppReviewPlugin.swift — In-app reviews (`SKStoreReviewController`)
|
|
69
|
+
- [x] BackgroundUpdatePlugin.swift — Background updates (BGTaskScheduler)
|
|
70
|
+
- [x] SecurityManager.swift — Security utilities
|
|
49
71
|
|
|
50
72
|
#### Android (Kotlin)
|
|
51
|
-
|
|
52
|
-
- [x]
|
|
53
|
-
- [x]
|
|
54
|
-
- [x]
|
|
55
|
-
- [x]
|
|
56
|
-
- [x]
|
|
57
|
-
- [x]
|
|
73
|
+
|
|
74
|
+
- [x] NativeUpdatePlugin.kt — Main plugin
|
|
75
|
+
- [x] LiveUpdatePlugin.kt — OTA updates
|
|
76
|
+
- [x] BundleManager (bundle handling)
|
|
77
|
+
- [x] AppUpdatePlugin.kt — Play Store updates (Play Core Library)
|
|
78
|
+
- [x] AppReviewPlugin.kt — In-app reviews (Play Review)
|
|
79
|
+
- [x] BackgroundUpdatePlugin.kt — Background updates (WorkManager)
|
|
80
|
+
- [x] SecurityManager.kt — Security utilities
|
|
58
81
|
|
|
59
82
|
### 3. TypeScript Implementation ✅ COMPLETE
|
|
60
83
|
|
|
61
84
|
- [x] Plugin definitions and interfaces
|
|
62
85
|
- [x] Web implementation
|
|
63
|
-
- [x] Live update module
|
|
64
|
-
- [x] App update module
|
|
65
|
-
- [x] App review module
|
|
66
|
-
- [x] Background update module
|
|
67
|
-
- [x] Core infrastructure (
|
|
68
|
-
- [x] Security module (
|
|
69
|
-
|
|
86
|
+
- [x] Live update module
|
|
87
|
+
- [x] App update module
|
|
88
|
+
- [x] App review module
|
|
89
|
+
- [x] Background update module
|
|
90
|
+
- [x] Core infrastructure (analytics, cache, config, errors, event-emitter, logger, performance, plugin-manager, security)
|
|
91
|
+
- [x] Security module (crypto, validator)
|
|
92
|
+
|
|
93
|
+
(Note: `src/firestore/` was removed in v3.0.0. The plugin no longer carries any Firestore code; manifest reads happen over plain HTTPS against any user-controlled endpoint.)
|
|
70
94
|
|
|
71
95
|
### 4. Testing Suite ✅ COMPLETE
|
|
72
96
|
|
|
73
|
-
####
|
|
74
|
-
|
|
75
|
-
- [x]
|
|
76
|
-
- [x]
|
|
77
|
-
- [x]
|
|
78
|
-
- [x]
|
|
79
|
-
- [x]
|
|
80
|
-
- [x]
|
|
81
|
-
- [x]
|
|
82
|
-
-
|
|
83
|
-
|
|
84
|
-
#### iOS Native Tests (XCTest) ✅
|
|
85
|
-
|
|
86
|
-
- [x]
|
|
87
|
-
- [x]
|
|
88
|
-
- [x]
|
|
89
|
-
- [x]
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
|
|
94
|
-
- [x]
|
|
95
|
-
- [x]
|
|
96
|
-
- [x]
|
|
97
|
-
- [x]
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
- [x] Complete update lifecycle (ota-update.e2e.spec.js)
|
|
101
|
-
- [x] Download progress tracking (download-progress.e2e.spec.js)
|
|
102
|
-
- [x] Channel switching (channel-switching.e2e.spec.js)
|
|
103
|
-
- [x] Error handling (error-handling.e2e.spec.js)
|
|
97
|
+
#### Backend Tests (Laravel)
|
|
98
|
+
|
|
99
|
+
- [x] OAuth + Socialite flow
|
|
100
|
+
- [x] Sanctum token issuance + middleware
|
|
101
|
+
- [x] Spatie permission seeder + role assignment
|
|
102
|
+
- [x] UpdateBuildRequest FormRequest validation
|
|
103
|
+
- [x] PayPal webhook (4 cases)
|
|
104
|
+
- [x] BundleUploadTest (7 cases)
|
|
105
|
+
- [x] UserLicenseTest (5 cases)
|
|
106
|
+
- **Total: 136/136 passing** (Pest/PHPUnit)
|
|
107
|
+
|
|
108
|
+
#### iOS Native Tests (XCTest) ✅
|
|
109
|
+
|
|
110
|
+
- [x] SecurityManagerTests.swift
|
|
111
|
+
- [x] LiveUpdateTests.swift
|
|
112
|
+
- [x] AppUpdateTests.swift
|
|
113
|
+
- [x] AppReviewTests.swift
|
|
114
|
+
- [x] BackgroundUpdateTests.swift
|
|
115
|
+
|
|
116
|
+
#### Android Native Tests (JUnit/Kotlin) ✅
|
|
117
|
+
|
|
118
|
+
- [x] SecurityManagerTest.kt
|
|
119
|
+
- [x] LiveUpdatePluginTest.kt
|
|
120
|
+
- [x] AppUpdatePluginTest.kt
|
|
121
|
+
- [x] AppReviewPluginTest.kt
|
|
122
|
+
- [x] BackgroundUpdateWorkerTest.kt
|
|
123
|
+
- [x] BackgroundNotificationManagerTest.kt
|
|
104
124
|
|
|
105
125
|
### 5. Tooling and Utilities ✅ COMPLETE
|
|
106
126
|
|
|
107
127
|
#### CLI Package (8 Commands)
|
|
108
|
-
|
|
109
|
-
- [x] `
|
|
110
|
-
- [x] `bundle-
|
|
111
|
-
- [x] `bundle-
|
|
112
|
-
- [x] `
|
|
113
|
-
- [x] `
|
|
114
|
-
- [x] `
|
|
115
|
-
- [x] `
|
|
128
|
+
|
|
129
|
+
- [x] `init` — Initialize a new project
|
|
130
|
+
- [x] `bundle-create` — Create update bundles
|
|
131
|
+
- [x] `bundle-sign` — Sign bundles cryptographically
|
|
132
|
+
- [x] `bundle-verify` — Verify bundle signatures
|
|
133
|
+
- [x] `keys-generate` — Generate RSA / ECDSA keypairs
|
|
134
|
+
- [x] `backend-create` — Scaffold backend server (with `TODO[SCAFFOLD-IMPLEMENT-BEFORE-DEPLOY]` markers)
|
|
135
|
+
- [x] `server-start` — Run local update server
|
|
136
|
+
- [x] `monitor` — Monitor update deployments (interval+spinner cleanup, signal handlers, failure bail)
|
|
116
137
|
|
|
117
138
|
#### Developer Tools
|
|
139
|
+
|
|
118
140
|
- [x] Local testing server
|
|
119
141
|
- [x] Bundle creator utility
|
|
120
142
|
- [x] Bundle signer utility
|
|
121
143
|
|
|
122
144
|
### 6. Documentation ✅ COMPLETE
|
|
123
145
|
|
|
124
|
-
- [x] API documentation (
|
|
125
|
-
- [x] Feature guides (
|
|
126
|
-
- [x] Getting started guides (
|
|
127
|
-
- [x] Developer guides (
|
|
128
|
-
- [x] Examples (
|
|
129
|
-
- [x] Security documentation
|
|
130
|
-
- [x] Migration guide
|
|
146
|
+
- [x] API documentation (`docs/api/`)
|
|
147
|
+
- [x] Feature guides (`docs/features/`)
|
|
148
|
+
- [x] Getting started guides (`docs/getting-started/`)
|
|
149
|
+
- [x] Developer guides (`docs/guides/`)
|
|
150
|
+
- [x] Examples (`docs/examples/`)
|
|
151
|
+
- [x] Security documentation + PRE-LAUNCH-PENTEST-CHECKLIST
|
|
152
|
+
- [x] Migration guide (v2 → v3.0.0 + 2026-05-11 auth-swap notes)
|
|
131
153
|
- [x] Changelog
|
|
132
154
|
- [x] Known limitations
|
|
133
|
-
|
|
134
|
-
|
|
135
|
-
|
|
136
|
-
|
|
137
|
-
- [x]
|
|
138
|
-
- [x]
|
|
139
|
-
- [x]
|
|
140
|
-
- [x]
|
|
141
|
-
- [x]
|
|
155
|
+
- [x] **Public Docusaurus docs site** (sibling repo `native-update-docs`, Firebase Hosting, 58 Diátaxis-organized pages, ~76k words, 30+ AI-bot allowlist + llms.txt + JSON-LD)
|
|
156
|
+
|
|
157
|
+
### 7. Marketing Website + Dashboard ✅ COMPLETE
|
|
158
|
+
|
|
159
|
+
- [x] React 19 + Vite 7 + Tailwind v4 + TanStack Query + Radix primitives
|
|
160
|
+
- [x] Public marketing pages (Home, Features 1956 words, Pricing 1897 words, About 1913 words, Docs, Examples, Contact)
|
|
161
|
+
- [x] Authenticated dashboard (Apps, Builds, Upload, Drive, Config, Settings, Rollouts, Analytics)
|
|
162
|
+
- [x] Admin pages (Overview, Users, Apps, Builds) with Spatie permission gates
|
|
163
|
+
- [x] User authentication via Laravel Socialite + Sanctum (Firebase Auth removed 2026-05-11)
|
|
164
|
+
- [x] Build upload and management (multipart → Laravel → Drive)
|
|
165
|
+
- [x] Google Drive connect/disconnect (server-side OAuth)
|
|
166
|
+
- [x] Analytics visualization (D3-based; pulls aggregates from `/api/dashboard/analytics`)
|
|
142
167
|
- [x] Configuration generator
|
|
143
|
-
- [x] All legal pages (Privacy, Terms, Security, Cookies, Data Deletion)
|
|
168
|
+
- [x] All legal pages (Privacy, Terms, Security, Cookies, Data Deletion) rewritten for the Sanctum stack
|
|
169
|
+
- [x] SEO/AEO discovery files: robots.txt with 30+ AI bots, sitemap.xml, sitemap-index.json, feed.xml, llms.txt, llms-full.txt, ai.txt, humans.txt, security.txt, machine-readable pricing.md
|
|
170
|
+
- [x] Per-route static HTML prerender + per-route JSON-LD
|
|
171
|
+
- [x] Capacitor-wrapped for Play Store distribution (Android release readiness closed 2026-05-16)
|
|
144
172
|
|
|
145
173
|
### 8. Example Applications ✅ COMPLETE
|
|
146
174
|
|
|
147
|
-
- [x] React + Capacitor frontend (`example-apps/react-capacitor/`)
|
|
148
|
-
- [x] Node.js + Express backend (`example-apps/node-express/`)
|
|
149
|
-
|
|
175
|
+
- [x] React + Capacitor frontend (`example-apps/react-capacitor/`) — with capability cards for app-update / app-review / background-update; React 18 (stable downstream target)
|
|
176
|
+
- [x] Node.js + Express backend (`example-apps/node-express/`) — minimal manifest-endpoint reference
|
|
177
|
+
|
|
178
|
+
### 9. CI/CD ✅ COMPLETE
|
|
179
|
+
|
|
180
|
+
- [x] `.github/workflows/ci.yml` — yarn-based CI on PRs (corepack + node 20 + yarn 4)
|
|
181
|
+
- [x] `.github/workflows/release.yml` — tag-driven npm publish (with provenance) + GitHub Release
|
|
182
|
+
- [x] `.github/workflows/example-bundle.yml` — release+manual+weekly-cron build of the example app, signed, attached to GitHub Release (ephemeral-key fallback when secret absent)
|
|
183
|
+
|
|
184
|
+
### 10. Android Release Readiness ✅ COMPLETE (2026-05-16)
|
|
185
|
+
|
|
186
|
+
- [x] `signingConfigs.release` wired from env vars
|
|
187
|
+
- [x] ProGuard / R8 enabled with Capacitor-aware rules
|
|
188
|
+
- [x] `network_security_config.xml` (HTTPS-only outside debug; localhost cleartext exception for dev)
|
|
189
|
+
- [x] Branded launcher icons (15 PNGs across all densities + adaptive icons)
|
|
190
|
+
- [x] Branded splash assets (11 PNGs)
|
|
191
|
+
- [x] 3 Play Store graphics (feature graphic, promo graphic, TV banner) rendered from SVG via rsvg-convert
|
|
192
|
+
- [x] 10-section `docs/deployment/BUILD_FOR_PLAY_STORE.md` runbook
|
|
193
|
+
- [x] `screenshots/CAPTURE-GUIDE.md`
|
|
194
|
+
- [x] Play Store `full-description.md` + `data-safety.md` rewritten for the Sanctum stack
|
|
195
|
+
- [x] Unverifiable SOC / ISO / SLA claims removed from SecurityPage
|
|
150
196
|
|
|
151
197
|
---
|
|
152
198
|
|
|
153
199
|
## 🎯 Future Enhancement Phases
|
|
154
200
|
|
|
155
|
-
### ~~Phase 1: Advanced Testing~~ ✅ COMPLETE (2026-01-16)
|
|
156
|
-
|
|
157
|
-
- [x]
|
|
158
|
-
- [x]
|
|
201
|
+
### ~~Phase 1: Advanced Testing~~ ✅ COMPLETE (2026-01-16 → 2026-05-11)
|
|
202
|
+
|
|
203
|
+
- [x] iOS XCTest implementation
|
|
204
|
+
- [x] Android JUnit tests
|
|
205
|
+
- [x] E2E test suite with Detox
|
|
206
|
+
- [x] Backend Pest/PHPUnit test suite (added 2026-05-08 → 2026-05-11)
|
|
207
|
+
- [x] Microbenchmark scaffold for security hot paths (added 2026-05-11)
|
|
208
|
+
|
|
209
|
+
### ~~Phase 2: CI/CD~~ ✅ COMPLETE (2026-05-08 → 2026-05-11)
|
|
210
|
+
|
|
211
|
+
- [x] GitHub Actions CI (`.github/workflows/ci.yml`)
|
|
212
|
+
- [x] GitHub Actions release pipeline (`.github/workflows/release.yml`)
|
|
213
|
+
- [x] GitHub Actions example-bundle pipeline (`.github/workflows/example-bundle.yml`)
|
|
214
|
+
|
|
215
|
+
### ~~Phase 3: Public Docs Site~~ ✅ COMPLETE (2026-05-11)
|
|
159
216
|
|
|
160
|
-
|
|
161
|
-
- [
|
|
162
|
-
- [
|
|
163
|
-
- [
|
|
164
|
-
- [
|
|
217
|
+
- [x] Docusaurus public docs site at sibling repo `native-update-docs`
|
|
218
|
+
- [x] 58 Diátaxis-organized pages, ~76k words
|
|
219
|
+
- [x] Firebase Hosting deployed (custom domain ready)
|
|
220
|
+
- [x] 7 discovery files (robots / llms / llms-full / humans / security / sitemap-index / sitemap)
|
|
221
|
+
- [x] 3 JSON-LD blocks per page
|
|
222
|
+
|
|
223
|
+
### ~~Phase 4: Android Play Store Readiness~~ ✅ COMPLETE (2026-05-16)
|
|
224
|
+
|
|
225
|
+
(See "Android Release Readiness" section above.)
|
|
226
|
+
|
|
227
|
+
### Phase 5: Enterprise Features (Optional, future)
|
|
228
|
+
|
|
229
|
+
- [ ] Delta updates WASM optimization (placeholder exists)
|
|
165
230
|
- [ ] A/B testing support
|
|
231
|
+
- [ ] Multi-tenant SaaS hardening (sub-team / org accounts / shared ownership)
|
|
232
|
+
- [ ] Enterprise SSO integration (SAML / OIDC beyond Google)
|
|
233
|
+
- [ ] Custom branding for white-label SaaS
|
|
234
|
+
- [ ] SLA monitoring + uptime page
|
|
235
|
+
- [ ] Audit-logging UI surfaces on top of existing `analytics_events` data
|
|
236
|
+
|
|
237
|
+
### Phase 6: Community / Ecosystem (Optional, future)
|
|
166
238
|
|
|
167
|
-
### Phase 3: Community Features (Optional)
|
|
168
239
|
- [ ] Video tutorials
|
|
169
|
-
- [ ]
|
|
170
|
-
- [ ]
|
|
171
|
-
- [ ]
|
|
240
|
+
- [ ] Wikipedia / Reddit / Product Hunt / AlternativeTo / G2 / Capterra presence (AI-citation reach)
|
|
241
|
+
- [ ] Additional framework examples (Vue, Angular, Svelte)
|
|
242
|
+
- [ ] Additional backend examples (Python, Java)
|
|
243
|
+
- [ ] Community plugins directory
|
|
244
|
+
|
|
245
|
+
### Phase 7: Internal Refactors (Optional, future)
|
|
246
|
+
|
|
247
|
+
- [ ] `website/src/pages/DocsPage.tsx` — 1,406-line file (workspace 500-line max). Multi-session refactor into per-feature sub-components.
|
|
172
248
|
|
|
173
249
|
---
|
|
174
250
|
|
|
@@ -176,40 +252,44 @@ The plugin provides complete OTA update functionality with native implementation
|
|
|
176
252
|
|
|
177
253
|
| Category | Status | Progress |
|
|
178
254
|
|----------|--------|----------|
|
|
179
|
-
| Backend Infrastructure | ✅ Complete | 100% |
|
|
255
|
+
| Backend Infrastructure (Laravel + Nova + Sanctum + Spatie) | ✅ Complete | 100% |
|
|
180
256
|
| iOS Native Implementation | ✅ Complete | 100% |
|
|
181
257
|
| Android Native Implementation | ✅ Complete | 100% |
|
|
182
258
|
| TypeScript Implementation | ✅ Complete | 100% |
|
|
183
259
|
| CLI Tools | ✅ Complete | 100% |
|
|
184
|
-
| Documentation | ✅ Complete | 100% |
|
|
185
|
-
| Marketing Website | ✅ Complete | 100% |
|
|
260
|
+
| Documentation (repo + public Docusaurus) | ✅ Complete | 100% |
|
|
261
|
+
| Marketing Website + Dashboard | ✅ Complete | 100% |
|
|
186
262
|
| Example Applications | ✅ Complete | 100% |
|
|
187
|
-
|
|
|
263
|
+
| Backend Pest Tests | ✅ Complete | 100% (136/136) |
|
|
188
264
|
| iOS Native Tests (XCTest) | ✅ Complete | 100% |
|
|
189
265
|
| Android Native Tests (JUnit) | ✅ Complete | 100% |
|
|
190
|
-
|
|
|
266
|
+
| CI/CD | ✅ Complete | 100% |
|
|
267
|
+
| Android Release Readiness | ✅ Complete | 100% |
|
|
268
|
+
| Enterprise Features (Phase 5) | ⏳ Optional | 0% |
|
|
269
|
+
| Community / Ecosystem (Phase 6) | ⏳ Optional | 0% |
|
|
191
270
|
|
|
192
|
-
**Overall Status:** Production Ready with
|
|
271
|
+
**Overall Status:** Production Ready, Play-Store-publishable end-to-end, with backend Pest + iOS XCTest + Android JUnit test layers passing.
|
|
193
272
|
|
|
194
273
|
---
|
|
195
274
|
|
|
196
275
|
## 📝 Notes
|
|
197
276
|
|
|
198
|
-
-
|
|
199
|
-
-
|
|
200
|
-
-
|
|
201
|
-
- All builds pass with zero errors
|
|
202
|
-
- All lint checks pass with zero warnings
|
|
203
|
-
-
|
|
277
|
+
- v3.0.0 (2026-05-04) removed Firestore from the plugin SDK + website; Laravel HTTP is the only backend.
|
|
278
|
+
- 2026-05-11 swapped Firebase Auth for Laravel Socialite + Sanctum + Spatie RBAC.
|
|
279
|
+
- 2026-05-16 closed the finalization audit (10 batches) making the Capacitor-wrapped dashboard Play-Store-publishable end-to-end.
|
|
280
|
+
- All builds pass with zero errors (`yarn build` root + website + Docusaurus).
|
|
281
|
+
- All lint checks pass with zero warnings.
|
|
282
|
+
- Audit cooldown until 2026-05-23 (7-day cooldown after finalization audit closure).
|
|
204
283
|
|
|
205
284
|
---
|
|
206
285
|
|
|
207
286
|
## 🤝 Contributing
|
|
208
287
|
|
|
209
|
-
|
|
210
|
-
|
|
211
|
-
-
|
|
212
|
-
-
|
|
213
|
-
-
|
|
288
|
+
Contributions welcome. Focus areas:
|
|
289
|
+
|
|
290
|
+
- Delta updates WASM optimization (Phase 5)
|
|
291
|
+
- Additional backend examples in other languages (Phase 6)
|
|
292
|
+
- Framework-specific adapters (Vue / Angular / Svelte — Phase 6)
|
|
293
|
+
- AI-citation reach: Wikipedia mention, Reddit / Product Hunt presence (Phase 6)
|
|
214
294
|
|
|
215
295
|
See [CONTRIBUTING.md](../CONTRIBUTING.md) for guidelines.
|
|
@@ -0,0 +1,232 @@
|
|
|
1
|
+
# If This Repo Ever Becomes Public — Security Runbook
|
|
2
|
+
|
|
3
|
+
**Status:** Preventive. As of 2026-05-08 the repository is **PRIVATE** by intent.
|
|
4
|
+
The root `.gitignore` explicitly opts to keep `.env` files in git so the team can
|
|
5
|
+
share secrets. If that policy ever changes — open-sourcing the SaaS, splitting
|
|
6
|
+
the dashboard into a separate public repo, accidental leak via a public mirror,
|
|
7
|
+
contractor audit, etc. — work through this runbook in order. Do **not** rely on
|
|
8
|
+
"I'll just delete the file" — git history keeps it forever unless you scrub.
|
|
9
|
+
|
|
10
|
+
> **Trigger phrases that mean "run this runbook":** "make this repo public",
|
|
11
|
+
> "open-source this", "we're forking the dashboard public", "the repo got
|
|
12
|
+
> mirrored", "GitHub flagged a leaked secret", "we leaked X".
|
|
13
|
+
|
|
14
|
+
---
|
|
15
|
+
|
|
16
|
+
## Step 0 — Stop and assess (before pushing anything)
|
|
17
|
+
|
|
18
|
+
1. Is the repo currently public on GitHub or anywhere else? Check
|
|
19
|
+
`gh repo view aoneahsan/native-update --json visibility` and search GitHub
|
|
20
|
+
+ GitLab + public mirrors for `aoneahsan/native-update`.
|
|
21
|
+
2. What is the diff between "what's checked in today" and "what should be
|
|
22
|
+
public"? Run `git ls-files | xargs grep -lE 'AIza|sk_live_|AKIA|-----BEGIN'`
|
|
23
|
+
to list files containing literal secret patterns.
|
|
24
|
+
3. List every `.env*` file currently tracked:
|
|
25
|
+
```bash
|
|
26
|
+
git ls-files | grep -E '\.env(\..+)?$|\.pem$|keystores/|keystore\.properties$|\.jks$|\.keystore$'
|
|
27
|
+
```
|
|
28
|
+
4. **Decide:** rotate-all-then-publish (safe) or scrub-history-then-publish (faster
|
|
29
|
+
but irreversible). Default: rotate-all. Pick the second only if rotation is
|
|
30
|
+
blocked (live PayPal subscriptions in flight, Google OAuth client in use by
|
|
31
|
+
real users, etc.) — and even then, rotate within the next 30 days.
|
|
32
|
+
|
|
33
|
+
---
|
|
34
|
+
|
|
35
|
+
## Step 1 — Rotate every committed secret
|
|
36
|
+
|
|
37
|
+
Treat every secret that has EVER touched git as compromised. Rotate, don't
|
|
38
|
+
re-use. Order: highest-blast-radius first.
|
|
39
|
+
|
|
40
|
+
| Secret | Where it lives | How to rotate |
|
|
41
|
+
|---|---|---|
|
|
42
|
+
| Google OAuth Client Secret | `backend/.env` `GOOGLE_CLIENT_SECRET` | Google Cloud Console → APIs & Services → Credentials → reset client secret. Update on server. Existing Sanctum bearer tokens issued by previous sign-ins keep working until they expire (`SANCTUM_TOKEN_EXPIRATION` minutes); to revoke them all now run `php artisan tinker` then `\App\Models\PersonalAccessToken::truncate()`. |
|
|
43
|
+
| Sanctum personal access tokens | `personal_access_tokens` table | Tokens themselves aren't a config secret, but if you suspect they leaked, mass-revoke: `php artisan tinker` then `\Laravel\Sanctum\PersonalAccessToken::truncate()`. Every user has to sign in again. |
|
|
44
|
+
| Laravel `APP_KEY` | `backend/.env` | `php artisan key:generate --show` → paste into the server's real `.env`. **Important:** changing APP_KEY invalidates all encrypted-cookie sessions and all `encrypted:array` columns (Google Drive OAuth tokens stored on User rows). After rotation, every connected user must reconnect Google Drive. Do this in a maintenance window. |
|
|
45
|
+
| PayPal Live Client Secret | `backend/.env` `PAYPAL_LIVE_CLIENT_SECRET` | developer.paypal.com → My Apps & Credentials → Live → app → Show/regenerate secret. Existing subscriptions keep running on the new credentials. |
|
|
46
|
+
| PayPal Webhook ID | `backend/.env` `PAYPAL_WEBHOOK_ID` | developer.paypal.com → Webhooks → delete the old endpoint, create a new one pointing at the same URL, paste the new `WH-...` id. |
|
|
47
|
+
| FilesHub API key | `backend/.env` `FILESHUB_API_KEY` | fileshub.zaions.com → Account → API keys → revoke + regenerate. Old uploads are still accessible (public URLs) but new uploads will fail until you update the server. |
|
|
48
|
+
| Database password | `backend/.env` `DB_PASSWORD` | Hostinger hPanel (or your DB host) → reset password → update on server. |
|
|
49
|
+
| Mail credentials | `backend/.env` `MAIL_*` | If real credentials are committed, rotate at the mail provider. |
|
|
50
|
+
| Android keystore + key passwords | `keystores/` or `website/android/keystore.properties` | If a keystore is committed, **the app signing identity is compromised**. You cannot rotate this without uploading a new app via Google Play's "Reset upload key" flow, which requires Play Console approval. Avoid committing keystores at all costs — `website/android/keystore.properties` is gitignored by the Batch 8 changes. |
|
|
51
|
+
| Sentry DSN, Amplitude key, Clarity ID, Google Client ID | `website/.env` | These are public-by-design (intended to ship in client JS). No rotation needed. |
|
|
52
|
+
|
|
53
|
+
**Verification after rotation:** every server still works against the new
|
|
54
|
+
secrets BEFORE you scrub history. Don't break prod chasing a clean history.
|
|
55
|
+
|
|
56
|
+
---
|
|
57
|
+
|
|
58
|
+
## Step 2 — Add patterns to `.gitignore` (BEFORE step 3)
|
|
59
|
+
|
|
60
|
+
If you scrub history without updating `.gitignore`, the next dev's `.env` will
|
|
61
|
+
get re-committed. Update `.gitignore` first:
|
|
62
|
+
|
|
63
|
+
```gitignore
|
|
64
|
+
# --- Secrets (added when repo went public on YYYY-MM-DD) -------------------
|
|
65
|
+
.env
|
|
66
|
+
.env.*
|
|
67
|
+
!.env.example
|
|
68
|
+
!.env.test.example
|
|
69
|
+
|
|
70
|
+
backend/.env
|
|
71
|
+
backend/.env.*
|
|
72
|
+
!backend/.env.example
|
|
73
|
+
|
|
74
|
+
website/.env
|
|
75
|
+
website/.env.*
|
|
76
|
+
!website/.env.example
|
|
77
|
+
|
|
78
|
+
backend/storage/oauth-private-key.pem
|
|
79
|
+
backend/storage/app.key
|
|
80
|
+
|
|
81
|
+
# Android signing material
|
|
82
|
+
android/key.properties
|
|
83
|
+
android/app/keystore/
|
|
84
|
+
keystores/
|
|
85
|
+
*.jks
|
|
86
|
+
*.keystore
|
|
87
|
+
|
|
88
|
+
# iOS signing material
|
|
89
|
+
ios/Plugin/PrivateKey.p8
|
|
90
|
+
*.p12
|
|
91
|
+
|
|
92
|
+
# RSA / ECDSA private keys for plugin bundle signing
|
|
93
|
+
*-private.pem
|
|
94
|
+
*.p8
|
|
95
|
+
```
|
|
96
|
+
|
|
97
|
+
Then **remove the explicit "we keep .env in git" note** from the top of
|
|
98
|
+
`.gitignore`.
|
|
99
|
+
|
|
100
|
+
Commit this change in a single, isolated commit so the history shows the policy
|
|
101
|
+
shift cleanly:
|
|
102
|
+
```bash
|
|
103
|
+
git add .gitignore
|
|
104
|
+
git commit -m "chore(security): exclude .env files in preparation for public repo"
|
|
105
|
+
```
|
|
106
|
+
|
|
107
|
+
---
|
|
108
|
+
|
|
109
|
+
## Step 3 — Scrub git history
|
|
110
|
+
|
|
111
|
+
Pick **one** tool. Do this on a fresh local clone, push to a new repo or
|
|
112
|
+
force-push to the same one once verified.
|
|
113
|
+
|
|
114
|
+
### Option A — `git filter-repo` (recommended)
|
|
115
|
+
|
|
116
|
+
```bash
|
|
117
|
+
# Install: https://github.com/newren/git-filter-repo
|
|
118
|
+
pip install git-filter-repo
|
|
119
|
+
|
|
120
|
+
# Fresh clone — destructive, do not work on your daily clone
|
|
121
|
+
git clone --mirror git@github.com:aoneahsan/native-update.git native-update-scrub.git
|
|
122
|
+
cd native-update-scrub.git
|
|
123
|
+
|
|
124
|
+
# Remove tracked secret files from all history
|
|
125
|
+
git filter-repo \
|
|
126
|
+
--invert-paths \
|
|
127
|
+
--path .env \
|
|
128
|
+
--path backend/.env \
|
|
129
|
+
--path website/.env \
|
|
130
|
+
--path website/android/keystore.properties
|
|
131
|
+
|
|
132
|
+
# If specific strings (a leaked AKIA key, a hardcoded Sanctum token, an
|
|
133
|
+
# OAuth client secret literal) need to be redacted:
|
|
134
|
+
echo 'sk_live_0123456789012345678901==>REDACTED' > /tmp/replace.txt
|
|
135
|
+
git filter-repo --replace-text /tmp/replace.txt
|
|
136
|
+
|
|
137
|
+
# Verify locally before pushing
|
|
138
|
+
git log --all --full-history -- .env
|
|
139
|
+
|
|
140
|
+
# Force-push the rewritten history
|
|
141
|
+
git push --force --all
|
|
142
|
+
git push --force --tags
|
|
143
|
+
```
|
|
144
|
+
|
|
145
|
+
### Option B — `bfg-repo-cleaner`
|
|
146
|
+
|
|
147
|
+
```bash
|
|
148
|
+
brew install bfg
|
|
149
|
+
git clone --mirror git@github.com:aoneahsan/native-update.git native-update-scrub.git
|
|
150
|
+
cd native-update-scrub.git
|
|
151
|
+
bfg --delete-files '.env'
|
|
152
|
+
bfg --delete-files 'keystore.properties'
|
|
153
|
+
bfg --replace-text /tmp/replace.txt
|
|
154
|
+
git reflog expire --expire=now --all && git gc --prune=now --aggressive
|
|
155
|
+
git push --force
|
|
156
|
+
```
|
|
157
|
+
|
|
158
|
+
**After force-push:**
|
|
159
|
+
- Tell every collaborator to re-clone. Their old local clones still contain the
|
|
160
|
+
secrets.
|
|
161
|
+
- GitHub caches forks + refs for ~30 days. Open a support ticket asking for a
|
|
162
|
+
cache purge if the leaked secret has not been rotated yet (it shouldn't —
|
|
163
|
+
step 1 ran first).
|
|
164
|
+
|
|
165
|
+
---
|
|
166
|
+
|
|
167
|
+
## Step 4 — Verify the public-facing tree
|
|
168
|
+
|
|
169
|
+
Before flipping repo visibility (`gh repo edit --visibility public --accept-visibility-change-consequences`):
|
|
170
|
+
|
|
171
|
+
- [ ] `git ls-files | grep -iE '\.env(\..+)?$' | grep -v example` returns
|
|
172
|
+
**empty**.
|
|
173
|
+
- [ ] `git log --all --diff-filter=A --pretty=format: --name-only | sort -u | grep -iE '\.env(\..+)?$|keystore\.properties$|\.jks$|\.keystore$|\.pem$' | grep -v example`
|
|
174
|
+
returns **empty** (after history scrub).
|
|
175
|
+
- [ ] `git ls-files | xargs grep -lE 'AIza[0-9A-Za-z_-]{35}|AKIA[0-9A-Z]{16}|sk_live_[0-9a-zA-Z]{20,}|-----BEGIN ((RSA |EC )?PRIVATE KEY|OPENSSH PRIVATE KEY)-----'`
|
|
176
|
+
returns **empty or only fake/demo strings**.
|
|
177
|
+
- [ ] `gh secret-scanning alerts list` (after pushing) shows no critical alerts.
|
|
178
|
+
- [ ] All `[REQUIRED]` secrets in `.env.example` are blank in the example file.
|
|
179
|
+
- [ ] `LICENSE` exists and matches the project license everyone expects.
|
|
180
|
+
- [ ] `SECURITY.md` exists with a security-contact email and a vulnerability
|
|
181
|
+
disclosure policy. Add one if missing.
|
|
182
|
+
- [ ] Backend `config/cors.php` `allowed_origins` is locked to production
|
|
183
|
+
domains; CORS fallback in dev does not expose anything sensitive.
|
|
184
|
+
- [ ] Backend route gates are correct: every `/api/dashboard/*` route has
|
|
185
|
+
`auth:sanctum` middleware AND a `can:<permission>` gate (see
|
|
186
|
+
`backend/routes/api.php`). `/api/admin/*` additionally has the
|
|
187
|
+
`RequireAdmin` middleware. `/api/v1/*` (device endpoints) uses
|
|
188
|
+
`ValidateApiKey`, not Sanctum.
|
|
189
|
+
- [ ] Sample data in seeders / fixtures contains no real user PII.
|
|
190
|
+
- [ ] Internal-only docs (work-history with personal context, vendor-private
|
|
191
|
+
notes) moved to a private folder NOT shipped with the public repo, OR
|
|
192
|
+
sanitized.
|
|
193
|
+
|
|
194
|
+
---
|
|
195
|
+
|
|
196
|
+
## Step 5 — Flip visibility + monitor
|
|
197
|
+
|
|
198
|
+
```bash
|
|
199
|
+
gh repo edit aoneahsan/native-update --visibility public --accept-visibility-change-consequences
|
|
200
|
+
```
|
|
201
|
+
|
|
202
|
+
Then:
|
|
203
|
+
|
|
204
|
+
- Enable **Push protection** for secrets: GitHub repo → Settings → Code
|
|
205
|
+
security → Secret scanning → Push protection → Enable.
|
|
206
|
+
- Enable **Dependency review** in PRs.
|
|
207
|
+
- Enable **Dependabot** alerts + security updates.
|
|
208
|
+
- Subscribe a security inbox to the `gh secret-scanning alerts` webhook.
|
|
209
|
+
- Watch for the next 30 days: search GitHub for the names of the rotated
|
|
210
|
+
secrets to confirm no copy is sitting in someone's fork or gist.
|
|
211
|
+
|
|
212
|
+
---
|
|
213
|
+
|
|
214
|
+
## What this runbook does NOT cover
|
|
215
|
+
|
|
216
|
+
- **License changes.** Going public may require relicensing (especially for
|
|
217
|
+
any vendored code that was MIT-OK in private but needs explicit attribution
|
|
218
|
+
in public). Run `npx license-checker --production` and audit before
|
|
219
|
+
publishing.
|
|
220
|
+
- **Trademark + branding.** "Native Update", logos, and visual assets — confirm
|
|
221
|
+
you can publish them under MIT.
|
|
222
|
+
- **GDPR / contractual obligations.** If user emails or any analytics data sit
|
|
223
|
+
in fixtures or test snapshots, scrub or anonymize before publishing.
|
|
224
|
+
- **PR access policy.** Decide upfront: do you accept public PRs? CONTRIBUTING.md
|
|
225
|
+
needs a review-ladder section.
|
|
226
|
+
|
|
227
|
+
---
|
|
228
|
+
|
|
229
|
+
**Last updated:** 2026-05-08
|
|
230
|
+
**Owner:** Ahsan Mahmood (`aoneahsan@gmail.com`)
|
|
231
|
+
**Companion:** root `.gitignore`, `backend/.env.example`, `website/.env.example`,
|
|
232
|
+
`docs/deployment/PRODUCTION-DEPLOY-CHECKLIST.md`.
|