native-update 1.4.9 → 3.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/Readme.md +35 -9
- package/android/manifest-additions.xml +28 -0
- package/android/src/main/AndroidManifest.xml +3 -7
- package/android/src/main/java/com/aoneahsan/nativeupdate/BackgroundNotificationManager.kt +21 -13
- package/android/src/main/java/com/aoneahsan/nativeupdate/BackgroundUpdatePlugin.kt +15 -0
- package/android/src/main/java/com/aoneahsan/nativeupdate/BackgroundUpdateWorker.kt +23 -7
- package/android/src/main/java/com/aoneahsan/nativeupdate/LiveUpdatePlugin.kt +346 -31
- package/android/src/main/java/com/aoneahsan/nativeupdate/NativeUpdatePlugin.kt +32 -34
- package/android/src/main/java/com/aoneahsan/nativeupdate/NotificationActionReceiver.kt +10 -1
- package/android/src/main/java/com/aoneahsan/nativeupdate/SecurityManager.kt +18 -18
- package/cli/AGENTS.md +43 -0
- package/cli/CLAUDE.md +65 -0
- package/cli/commands/backend-create.js +56 -15
- package/cli/commands/bundle-create.js +39 -7
- package/cli/commands/monitor.js +72 -51
- package/cli/index.js +10 -24
- package/cli/package.json +11 -3
- package/dist/esm/app-review/app-review-manager.js +0 -1
- package/dist/esm/app-review/index.js +0 -1
- package/dist/esm/app-review/platform-review-handler.js +0 -1
- package/dist/esm/app-review/review-conditions-checker.js +0 -1
- package/dist/esm/app-review/review-rate-limiter.js +0 -1
- package/dist/esm/app-review/types.js +0 -1
- package/dist/esm/app-update/app-update-checker.js +0 -1
- package/dist/esm/app-update/app-update-installer.d.ts +1 -0
- package/dist/esm/app-update/app-update-installer.js +19 -8
- package/dist/esm/app-update/app-update-manager.js +0 -1
- package/dist/esm/app-update/app-update-notifier.js +0 -1
- package/dist/esm/app-update/index.js +0 -1
- package/dist/esm/app-update/platform-app-update.js +12 -3
- package/dist/esm/app-update/types.js +0 -1
- package/dist/esm/background-update/background-scheduler.js +0 -1
- package/dist/esm/background-update/index.js +0 -1
- package/dist/esm/background-update/notification-manager.js +0 -1
- package/dist/esm/config/support.js +0 -1
- package/dist/esm/core/analytics.d.ts +13 -0
- package/dist/esm/core/analytics.js +15 -1
- package/dist/esm/core/cache-manager.js +0 -1
- package/dist/esm/core/config.d.ts +6 -30
- package/dist/esm/core/config.js +1 -8
- package/dist/esm/core/errors.d.ts +1 -0
- package/dist/esm/core/errors.js +1 -1
- package/dist/esm/core/event-emitter.d.ts +0 -3
- package/dist/esm/core/event-emitter.js +8 -3
- package/dist/esm/core/logger.js +0 -1
- package/dist/esm/core/performance.js +0 -1
- package/dist/esm/core/plugin-manager.js +3 -1
- package/dist/esm/core/security.d.ts +22 -3
- package/dist/esm/core/security.js +46 -7
- package/dist/esm/definitions.d.ts +13 -40
- package/dist/esm/definitions.js +0 -1
- package/dist/esm/index.d.ts +3 -4
- package/dist/esm/index.js +3 -3
- package/dist/esm/live-update/bundle-manager.d.ts +8 -0
- package/dist/esm/live-update/bundle-manager.js +20 -1
- package/dist/esm/live-update/certificate-pinning.js +0 -1
- package/dist/esm/live-update/delta-processor.d.ts +1 -1
- package/dist/esm/live-update/delta-processor.js +3 -1
- package/dist/esm/live-update/download-manager.d.ts +36 -5
- package/dist/esm/live-update/download-manager.js +70 -24
- package/dist/esm/live-update/rollout-checker.d.ts +1 -1
- package/dist/esm/live-update/rollout-checker.js +5 -6
- package/dist/esm/live-update/update-manager.d.ts +12 -1
- package/dist/esm/live-update/update-manager.js +38 -11
- package/dist/esm/live-update/version-manager.d.ts +9 -12
- package/dist/esm/live-update/version-manager.js +40 -68
- package/dist/esm/plugin.js +82 -89
- package/dist/esm/security/crypto.js +11 -7
- package/dist/esm/security/validator.js +0 -1
- package/dist/esm/types/rollout.d.ts +85 -0
- package/dist/esm/types/rollout.js +25 -0
- package/dist/esm/web.d.ts +26 -1
- package/dist/esm/web.js +214 -75
- package/dist/plugin.cjs.js +1 -2
- package/dist/plugin.esm.js +1 -2
- package/dist/plugin.js +2 -3
- package/docs/AGENTS.md +38 -0
- package/docs/CHANGELOG.md +275 -0
- package/docs/CLAUDE.md +101 -0
- package/docs/MANUAL-TASKS.md +17 -0
- package/docs/MARKETING_WEBSITE_TRACKER.md +18 -2
- package/docs/MIGRATION.md +170 -0
- package/docs/PACKAGES.md +167 -0
- package/docs/PERFORMANCE.md +110 -0
- package/docs/PROJECT_COMPLETION_TRACKER.md +4 -35
- package/docs/README.md +12 -2
- package/docs/REMAINING_FEATURES.md +123 -76
- package/docs/ROADMAP.md +200 -120
- package/docs/SECURITY-IF-REPO-PUBLIC.md +232 -0
- package/docs/TESTING_REQUIREMENTS.md +1 -112
- package/docs/ai-knowledge-base/00-project-profile.md +38 -0
- package/docs/ai-knowledge-base/01-features.md +46 -0
- package/docs/ai-knowledge-base/02-routes.md +72 -0
- package/docs/ai-knowledge-base/03-tech-stack.md +57 -0
- package/docs/ai-knowledge-base/README.md +23 -0
- package/docs/analytics-tracking.md +37 -0
- package/docs/capacitor-official-plugins.md +46 -0
- package/docs/capawesome-plugins.md +29 -0
- package/docs/deployment/HOSTINGER_DEPLOY.md +370 -0
- package/docs/deployment/PRODUCTION-DEPLOY-CHECKLIST.md +184 -0
- package/docs/docs-site/plan.md +201 -0
- package/docs/docs-site/scope.md +127 -0
- package/docs/docs-site/tracker.json +235 -0
- package/docs/error-handling-tracking.md +37 -0
- package/docs/features/laravel-nova-backend/ASSESSMENT-SUMMARY.md +96 -0
- package/docs/features/laravel-nova-backend/IMPLEMENTATION-PLAN.md +504 -0
- package/docs/features/laravel-nova-backend/progress-tracker.json +184 -0
- package/docs/guides/testing-guide.md +15 -41
- package/docs/package-audit.md +41 -0
- package/docs/play-store/ASO-METADATA.md +5 -0
- package/docs/play-store/DATA-SAFETY.md +5 -0
- package/docs/play-store/DECLARATIONS.md +5 -0
- package/docs/play-store/README.md +27 -0
- package/docs/play-store/RELEASE-NOTES.md +99 -0
- package/docs/play-store/RELEASE-STEPS.md +6 -0
- package/docs/play-store/STORE-LISTING.md +7 -0
- package/docs/play-store/SUBMISSION-CHECKLIST.md +5 -0
- package/docs/production-readiness.md +1 -1
- package/docs/project-audit/2026-05-16/00-FINALIZATION-PLAN.md +123 -0
- package/docs/project-audit/2026-05-16/01-BATCH-PLAN.md +227 -0
- package/docs/project-audit/2026-05-16/02-AUDIT-FINDINGS.md +144 -0
- package/docs/project-audit/2026-05-16/sessions/batch-01.md +42 -0
- package/docs/project-audit/2026-05-16/sessions/batch-02.md +74 -0
- package/docs/project-audit/2026-05-16/sessions/batch-03.md +71 -0
- package/docs/project-audit/2026-05-16/sessions/batch-04.md +88 -0
- package/docs/project-audit/2026-05-16/sessions/batch-05.md +63 -0
- package/docs/project-audit/2026-05-16/sessions/batch-06.md +103 -0
- package/docs/project-audit/2026-05-16/sessions/batch-07.md +61 -0
- package/docs/project-audit/2026-05-16/sessions/batch-08.md +101 -0
- package/docs/project-audit/2026-05-16/sessions/batch-09.md +105 -0
- package/docs/project-audit/2026-05-16/sessions/batch-10.md +102 -0
- package/docs/project-audit/AUDIT-HISTORY.md +74 -0
- package/docs/project-audit/BATCH-PLAN.md +168 -0
- package/docs/project-audit/MARKETING-WEBSITE-FINDINGS-2026-05-11.md +73 -0
- package/docs/project-audit/PRODUCTION-READINESS-AUDIT-2026-05-08.md +275 -0
- package/docs/project-finalization/00-tracker.json +60 -0
- package/docs/project-knowledge-base/01-system-overview.md +227 -0
- package/docs/project-knowledge-base/02-routes-pages-forms-users.md +352 -0
- package/docs/project-knowledge-base/03-tech-stack-modules-services.md +379 -0
- package/docs/project-knowledge-base/04-data-models-integrations.md +244 -0
- package/docs/project-knowledge-base/05-docs-corpus-inventory.md +256 -0
- package/docs/project-knowledge-base/06-operations-testing-legal-content.md +208 -0
- package/docs/project-knowledge-base/README.md +103 -0
- package/docs/project-profiles/native-update-capacitor-update-platform-project-profile-last-updated-2026-05-19.md +81 -0
- package/docs/rules-tracker.md +102 -0
- package/docs/security/PRE-LAUNCH-PENTEST-CHECKLIST.md +116 -0
- package/docs/seo-aeo-rules.json +3043 -0
- package/docs/social-media-marketing/README.md +81 -0
- package/docs/social-media-marketing/posts-batch-01.md +613 -0
- package/docs/social-media-marketing/posts-batch-02.md +528 -0
- package/docs/social-media-marketing/whatsapp-messages-batch-01.md +458 -0
- package/docs/social-media-marketing/whatsapp-status-batch-01.md +355 -0
- package/docs/tracking/finalization-2026-05-16-tracker.json +346 -0
- package/docs/tracking/full-audit-tracker.json +121 -0
- package/docs/tracking/production-readiness-audit-tracker.json +429 -0
- package/docs/tracking/seo-checklist-tracker.json +333 -0
- package/ios/Plugin/BackgroundUpdate/BackgroundUpdatePlugin.swift +66 -9
- package/ios/Plugin/LiveUpdate/LiveUpdatePlugin.swift +306 -52
- package/ios/Plugin/NativeUpdatePlugin.swift +22 -9
- package/ios/Plugin/Security/SecurityManager.swift +13 -14
- package/package.json +37 -38
- package/cli/node_modules/.yarn-integrity +0 -16
- package/cli/node_modules/commander/LICENSE +0 -22
- package/cli/node_modules/commander/Readme.md +0 -1148
- package/cli/node_modules/commander/esm.mjs +0 -16
- package/cli/node_modules/commander/index.js +0 -26
- package/cli/node_modules/commander/lib/argument.js +0 -145
- package/cli/node_modules/commander/lib/command.js +0 -2179
- package/cli/node_modules/commander/lib/error.js +0 -43
- package/cli/node_modules/commander/lib/help.js +0 -462
- package/cli/node_modules/commander/lib/option.js +0 -329
- package/cli/node_modules/commander/lib/suggestSimilar.js +0 -100
- package/cli/node_modules/commander/package-support.json +0 -16
- package/cli/node_modules/commander/package.json +0 -80
- package/cli/node_modules/commander/typings/esm.d.mts +0 -3
- package/cli/node_modules/commander/typings/index.d.ts +0 -884
- package/cli/yarn.lock +0 -8
- package/dist/esm/__tests__/bundle-manager.test.d.ts +0 -1
- package/dist/esm/__tests__/bundle-manager.test.js +0 -151
- package/dist/esm/__tests__/bundle-manager.test.js.map +0 -1
- package/dist/esm/__tests__/config.test.d.ts +0 -1
- package/dist/esm/__tests__/config.test.js +0 -70
- package/dist/esm/__tests__/config.test.js.map +0 -1
- package/dist/esm/__tests__/delta-processor.test.d.ts +0 -1
- package/dist/esm/__tests__/delta-processor.test.js +0 -77
- package/dist/esm/__tests__/delta-processor.test.js.map +0 -1
- package/dist/esm/__tests__/firestore-schema.test.d.ts +0 -1
- package/dist/esm/__tests__/firestore-schema.test.js +0 -74
- package/dist/esm/__tests__/firestore-schema.test.js.map +0 -1
- package/dist/esm/__tests__/integration.test.d.ts +0 -1
- package/dist/esm/__tests__/integration.test.js +0 -78
- package/dist/esm/__tests__/integration.test.js.map +0 -1
- package/dist/esm/__tests__/manifest-reader.test.d.ts +0 -1
- package/dist/esm/__tests__/manifest-reader.test.js +0 -271
- package/dist/esm/__tests__/manifest-reader.test.js.map +0 -1
- package/dist/esm/__tests__/rollout-checker.test.d.ts +0 -1
- package/dist/esm/__tests__/rollout-checker.test.js +0 -210
- package/dist/esm/__tests__/rollout-checker.test.js.map +0 -1
- package/dist/esm/__tests__/security.test.d.ts +0 -1
- package/dist/esm/__tests__/security.test.js +0 -54
- package/dist/esm/__tests__/security.test.js.map +0 -1
- package/dist/esm/__tests__/version-manager.test.d.ts +0 -1
- package/dist/esm/__tests__/version-manager.test.js +0 -45
- package/dist/esm/__tests__/version-manager.test.js.map +0 -1
- package/dist/esm/app-review/app-review-manager.js.map +0 -1
- package/dist/esm/app-review/index.js.map +0 -1
- package/dist/esm/app-review/platform-review-handler.js.map +0 -1
- package/dist/esm/app-review/review-conditions-checker.js.map +0 -1
- package/dist/esm/app-review/review-rate-limiter.js.map +0 -1
- package/dist/esm/app-review/types.js.map +0 -1
- package/dist/esm/app-update/app-update-checker.js.map +0 -1
- package/dist/esm/app-update/app-update-installer.js.map +0 -1
- package/dist/esm/app-update/app-update-manager.js.map +0 -1
- package/dist/esm/app-update/app-update-notifier.js.map +0 -1
- package/dist/esm/app-update/index.js.map +0 -1
- package/dist/esm/app-update/platform-app-update.js.map +0 -1
- package/dist/esm/app-update/types.js.map +0 -1
- package/dist/esm/background-update/background-scheduler.js.map +0 -1
- package/dist/esm/background-update/index.js.map +0 -1
- package/dist/esm/background-update/notification-manager.js.map +0 -1
- package/dist/esm/config/support.js.map +0 -1
- package/dist/esm/core/analytics.js.map +0 -1
- package/dist/esm/core/cache-manager.js.map +0 -1
- package/dist/esm/core/config.js.map +0 -1
- package/dist/esm/core/errors.js.map +0 -1
- package/dist/esm/core/event-emitter.js.map +0 -1
- package/dist/esm/core/logger.js.map +0 -1
- package/dist/esm/core/performance.js.map +0 -1
- package/dist/esm/core/plugin-manager.js.map +0 -1
- package/dist/esm/core/security.js.map +0 -1
- package/dist/esm/definitions.js.map +0 -1
- package/dist/esm/firestore/firestore-client.d.ts +0 -109
- package/dist/esm/firestore/firestore-client.js +0 -264
- package/dist/esm/firestore/firestore-client.js.map +0 -1
- package/dist/esm/firestore/index.d.ts +0 -11
- package/dist/esm/firestore/index.js +0 -11
- package/dist/esm/firestore/index.js.map +0 -1
- package/dist/esm/firestore/manifest-reader.d.ts +0 -87
- package/dist/esm/firestore/manifest-reader.js +0 -294
- package/dist/esm/firestore/manifest-reader.js.map +0 -1
- package/dist/esm/firestore/schema.d.ts +0 -507
- package/dist/esm/firestore/schema.js +0 -73
- package/dist/esm/firestore/schema.js.map +0 -1
- package/dist/esm/index.js.map +0 -1
- package/dist/esm/live-update/bundle-manager.js.map +0 -1
- package/dist/esm/live-update/certificate-pinning.js.map +0 -1
- package/dist/esm/live-update/delta-processor.js.map +0 -1
- package/dist/esm/live-update/download-manager.js.map +0 -1
- package/dist/esm/live-update/rollout-checker.js.map +0 -1
- package/dist/esm/live-update/update-manager.js.map +0 -1
- package/dist/esm/live-update/version-manager.js.map +0 -1
- package/dist/esm/plugin.js.map +0 -1
- package/dist/esm/security/crypto.js.map +0 -1
- package/dist/esm/security/validator.js.map +0 -1
- package/dist/esm/web.js.map +0 -1
- package/dist/plugin.cjs.js.map +0 -1
- package/dist/plugin.esm.js.map +0 -1
- package/dist/plugin.js.map +0 -1
- package/docs/FIREBASE_INTEGRATION_TRACKER.md +0 -321
- package/docs/FIREBASE_QUERIES_AND_INDEXES_AUDIT.md +0 -221
- package/docs/examples/firebase-backend-example.md +0 -27
- package/docs/guides/no-cost-backend-implementation-plan.md +0 -77
- package/docs/guides/no-cost-firestore-google-drive-backend.md +0 -60
- package/docs/play-console-rejection-rules.json +0 -428
- /package/docs/{MARKETING_WEBSITE_PLAN.md → archive/MARKETING_WEBSITE_PLAN.md} +0 -0
|
@@ -0,0 +1,63 @@
|
|
|
1
|
+
# Session report — Batch 5
|
|
2
|
+
|
|
3
|
+
**Date:** 2026-05-16
|
|
4
|
+
**Batch:** 5 — Admin pages → TanStack Query
|
|
5
|
+
**Skill invoked:** `tanstack-query-best-practices`
|
|
6
|
+
**Outcome:** All 3 admin pages migrated. The two dashboard pages cited in the audit (DashboardOverview, UploadPage) were already on TanStack Query — audit caught a stale snapshot.
|
|
7
|
+
|
|
8
|
+
## Pages migrated
|
|
9
|
+
|
|
10
|
+
### `website/src/pages/admin/AdminUsersPage.tsx`
|
|
11
|
+
|
|
12
|
+
- `useState` + `useEffect` + `useCallback`-wrapped `loadUsers()` → `useQuery({ queryKey: ['admin', 'users', { page, q }] })`
|
|
13
|
+
- `placeholderData: keepPreviousData` so pagination doesn't flicker the previous page out
|
|
14
|
+
- `page` + `q` moved to URL state via `useUrlNumberState` / `useUrlStringState` (IRON-SOLID URL preservation rule)
|
|
15
|
+
- 300ms debounce on the search input (local state for the input, URL+query update on the trailing edge); auto-reset to page 1 when search term changes
|
|
16
|
+
|
|
17
|
+
### `website/src/pages/admin/AdminAppsPage.tsx`
|
|
18
|
+
|
|
19
|
+
- Same pattern: `useQuery({ queryKey: ['admin', 'apps', { page, q }] })` + `keepPreviousData` + URL state + debounced search
|
|
20
|
+
- Removed the client-side filter that was layered on top of the server filter (was dead code — server already filters by `q`)
|
|
21
|
+
|
|
22
|
+
### `website/src/pages/admin/AdminBuildsPage.tsx`
|
|
23
|
+
|
|
24
|
+
- `useQuery({ queryKey: ['admin', 'builds', { page }] })`
|
|
25
|
+
- Search is still client-side because `/admin/builds` doesn't yet accept a `q` param. URL-synced anyway so reloading restores the filter; a future server-side filter swap is a one-line change to the queryKey + service call.
|
|
26
|
+
- Filter wrapped in `useMemo` reading `data?.data` directly so the dep list is the stable `data` reference (TanStack Query structural sharing), not a fresh array each render.
|
|
27
|
+
|
|
28
|
+
### `website/src/pages/admin/AdminOverview.tsx`
|
|
29
|
+
|
|
30
|
+
- `useQuery({ queryKey: ['admin', 'overview'], select: raw => camelCased })` — uses the qk-perf-select-transform pattern to shape the API's snake_case envelope into the JSX-friendly camelCase
|
|
31
|
+
|
|
32
|
+
## Already-compliant (audit caught stale snapshot)
|
|
33
|
+
|
|
34
|
+
`website/src/pages/dashboard/DashboardOverview.tsx` and `website/src/pages/dashboard/UploadPage.tsx` were already using `useQuery` with proper queryKeys. The audit's "raw Promise.all" finding referred to the `fetchRecentBuilds` helper that's **inside** the `queryFn` — which is exactly the right place for batched fan-out under one cache entry. No changes needed.
|
|
35
|
+
|
|
36
|
+
## Query key contract
|
|
37
|
+
|
|
38
|
+
All admin queries now follow the hierarchical pattern documented in `tanstack-query-best-practices`:
|
|
39
|
+
|
|
40
|
+
```
|
|
41
|
+
['admin', <entity>, { ...filters }]
|
|
42
|
+
```
|
|
43
|
+
|
|
44
|
+
This lets a future role-edit or app-delete mutation invalidate `['admin', 'users']` (or `'apps'`, `'builds'`) and refresh every page+search combination atomically, without nuking the rest of the admin cache. The shared `QueryClient` defaults from `App.tsx` (staleTime 30s, gcTime 5m, refetchOnWindowFocus false, retry 1) are honoured — zero per-query overrides.
|
|
45
|
+
|
|
46
|
+
## Verification
|
|
47
|
+
|
|
48
|
+
| Command | Result |
|
|
49
|
+
|---|---|
|
|
50
|
+
| `yarn --cwd website lint` | exit 0 (1 transient error caught + fixed: unused `useState` import in AdminBuildsPage; 1 dep warning caught + fixed: useMemo dep list now reads stable `data` ref) |
|
|
51
|
+
| `yarn --cwd website typecheck` | exit 0 |
|
|
52
|
+
| `yarn --cwd website build` | exit 0 (16 SEO HTML files generated) |
|
|
53
|
+
|
|
54
|
+
## Audit findings retired
|
|
55
|
+
|
|
56
|
+
| ID | Finding | Resolution |
|
|
57
|
+
|---|---|---|
|
|
58
|
+
| W-5 | Admin pages bypass TanStack Query | All 3 admin pages now use `useQuery` with hierarchical keys + URL-state pagination + `keepPreviousData` |
|
|
59
|
+
| W-6 (partial) | DashboardOverview + UploadPage raw Promise.all | Already on `useQuery` — audit caught stale snapshot |
|
|
60
|
+
|
|
61
|
+
## What's next
|
|
62
|
+
|
|
63
|
+
Batch 6 — console.* cleanup + Firebase comment sweep + VITE_FIREBASE_* env removal.
|
|
@@ -0,0 +1,103 @@
|
|
|
1
|
+
# Session report — Batch 6
|
|
2
|
+
|
|
3
|
+
**Date:** 2026-05-16
|
|
4
|
+
**Batch:** 6 — console.* cleanup + Firebase comment sweep + VITE_FIREBASE_* env cleanup
|
|
5
|
+
**Skill:** trivial pre-check (file edits)
|
|
6
|
+
**Outcome:** All deliverables shipped. Build clean. Legal-page cleanup deferred to Batch 7 (correct ownership).
|
|
7
|
+
|
|
8
|
+
## Changes
|
|
9
|
+
|
|
10
|
+
### `website/src/lib/env.ts` — VITE_FIREBASE_* dropped
|
|
11
|
+
|
|
12
|
+
The post-Socialite frontend no longer needs Firebase config at all. Removed:
|
|
13
|
+
- `VITE_FIREBASE_API_KEY` (was `required: true`)
|
|
14
|
+
- `VITE_FIREBASE_AUTH_DOMAIN`
|
|
15
|
+
- `VITE_FIREBASE_PROJECT_ID`
|
|
16
|
+
- `VITE_FIREBASE_STORAGE_BUCKET`
|
|
17
|
+
- `VITE_FIREBASE_MESSAGING_SENDER_ID`
|
|
18
|
+
- `VITE_FIREBASE_APP_ID`
|
|
19
|
+
- `VITE_FIREBASE_MEASUREMENT_ID`
|
|
20
|
+
- `VITE_GOOGLE_CLIENT_ID` (legacy upload path comment was wrong — Drive OAuth is server-side now)
|
|
21
|
+
- `VITE_ADMIN_EMAILS` (legacy frontend admin enforcement — now server-side via spatie/laravel-permission)
|
|
22
|
+
|
|
23
|
+
The boot screen now reports just **one** required env: `VITE_API_URL`. Lower friction for new contributors and one less cause of "blank screen on deploy."
|
|
24
|
+
|
|
25
|
+
Header comment in `env.ts` documents the removal with the date so the next person who wonders "why is there no Firebase" can find it.
|
|
26
|
+
|
|
27
|
+
### `website/.env.example` — already clean
|
|
28
|
+
|
|
29
|
+
Verified no `VITE_FIREBASE_*` rows present. Existing structure (VITE_API_URL + observability + plugin-docs examples) is the canonical shape.
|
|
30
|
+
|
|
31
|
+
### `website/src/vite-env.d.ts` — already clean
|
|
32
|
+
|
|
33
|
+
Only `vite/client` reference + `__APP_VERSION__` global. No per-key declarations to remove.
|
|
34
|
+
|
|
35
|
+
### Real `console.*` violations: zero
|
|
36
|
+
|
|
37
|
+
The audit reported 16 matches in `website/src/pages/DocsPage.tsx` and 2 in `ExamplesPage.tsx`. Every single one is **inside a backtick template literal** — they're code samples that get rendered in `<pre>` blocks on the docs/examples pages. NOT runtime calls. Verified by reading the surrounding context.
|
|
38
|
+
|
|
39
|
+
Codified: a future stack-audit grep that wants to flag real console.* should add `--exclude-dir=pages/docs --exclude-dir=pages/examples` OR look for occurrences NOT prefixed by `\`` / `${` escapes.
|
|
40
|
+
|
|
41
|
+
### `website/CLAUDE.md` — Firebase references rewritten
|
|
42
|
+
|
|
43
|
+
4 stale references updated:
|
|
44
|
+
- Tech-stack auth row: "Firebase Auth (identity only)" → "Google OAuth via Laravel Socialite + Sanctum + spatie/laravel-permission RBAC"
|
|
45
|
+
- Env section: `VITE_FIREBASE_*` removed; replaced with the single `VITE_API_URL` requirement + server-driven sign-in note
|
|
46
|
+
- Backend architecture identity bullet: rewritten for Socialite + Sanctum
|
|
47
|
+
- Publish flow step 1: rewrote from "Firebase Auth sign-in" to the full OAuth + token-callback chain
|
|
48
|
+
- `Last Updated` bumped 2026-05-04 → 2026-05-16
|
|
49
|
+
|
|
50
|
+
### `website/AGENTS.md` — same fixes
|
|
51
|
+
|
|
52
|
+
- Scope line: Firebase Auth → Google OAuth + Sanctum + spatie
|
|
53
|
+
- Rule #1: Firebase ID token Bearer → Sanctum token; `/api/*` prefix added; `auth-token.ts` storage note
|
|
54
|
+
- `Last Updated` bumped
|
|
55
|
+
|
|
56
|
+
### `website/src/pages/HomePage.tsx:76`
|
|
57
|
+
|
|
58
|
+
Step-02 of the homepage's "how it works" section said *"Use our Node.js or Firebase examples, or build your own endpoint."* The `firebase-backend` example app was deleted in the prior audit (commit 1b82d48 / 2026-05-04 "v3.0.0 — remove Firestore"). Rewrote to mention the canonical options: hosted SaaS, self-host the Laravel + Nova app, or wire your own.
|
|
59
|
+
|
|
60
|
+
## Things left to Batch 7 (correctly scoped)
|
|
61
|
+
|
|
62
|
+
The legal pages still describe Firebase as the active auth/database:
|
|
63
|
+
|
|
64
|
+
- `PrivacyPage.tsx` — lines 185, 186, 204, 205 (auth + database under Firebase)
|
|
65
|
+
- `TermsPage.tsx:139` — "Firebase for authentication and data storage"
|
|
66
|
+
- `SecurityPage.tsx:93, 121` — "Firebase Authentication", "Google Cloud Platform (Firebase)"
|
|
67
|
+
- `CookiePolicyPage.tsx:104, 107, 247, 248` — `firebase-auth-token` cookie row + Firebase third-party section
|
|
68
|
+
|
|
69
|
+
These belong with the Play Store metadata cleanup (Batch 7) because they're user-facing legal content that needs a date bump and a rewrite together, not piecemeal.
|
|
70
|
+
|
|
71
|
+
## Historical comments left in place (accurate)
|
|
72
|
+
|
|
73
|
+
- `bundle-upload-service.ts:6` — "no Firestore write fan-out" (describes architecture)
|
|
74
|
+
- `AboutPage.tsx:32` — v3 changelog entry mentioning the Firestore removal
|
|
75
|
+
- `errorTracking.ts:11` — explains why Firebase Analytics was dropped
|
|
76
|
+
- `format.ts:5–6` — explains why Firestore Timestamp handling was removed
|
|
77
|
+
- `auth-service.ts:8` — "No Firebase" — current state assertion
|
|
78
|
+
- `google-drive-service.ts:10` — explains v3 routing change
|
|
79
|
+
- `ConfigPage.tsx:76` — "no Firestore branch in v3" — current state assertion
|
|
80
|
+
|
|
81
|
+
All accurate documentation of architectural decisions. Removing them would lose context.
|
|
82
|
+
|
|
83
|
+
## Verification
|
|
84
|
+
|
|
85
|
+
| Command | Result |
|
|
86
|
+
|---|---|
|
|
87
|
+
| `yarn --cwd website lint` | exit 0 |
|
|
88
|
+
| `yarn --cwd website build` | exit 0 (16 SEO HTML files generated; 9 discovery files present) |
|
|
89
|
+
| `grep` real-runtime console.* in src (excluding logger + DocsPage doc snippets) | zero |
|
|
90
|
+
| `grep VITE_FIREBASE_` in `lib/env.ts` + `.env.example` + `vite-env.d.ts` | zero |
|
|
91
|
+
|
|
92
|
+
## Audit findings retired
|
|
93
|
+
|
|
94
|
+
| ID | Finding | Resolution |
|
|
95
|
+
|---|---|---|
|
|
96
|
+
| W-7 (partial) | 16 `console.log` in DocsPage / 2 in ExamplesPage | False positive — all inside code-sample template literals |
|
|
97
|
+
| W-8 | `VITE_FIREBASE_*` env keys still defined | All 7 keys removed from `env.ts` (and absent from `.env.example` / `vite-env.d.ts`) |
|
|
98
|
+
| W-9 | Stale Firebase comments in `website/CLAUDE.md` + `AGENTS.md` | Auth references rewritten end-to-end for Socialite + Sanctum |
|
|
99
|
+
| W-10 | HomePage step-02 references deleted firebase-backend example | Replaced with hosted-SaaS / self-host / your-own-endpoint copy |
|
|
100
|
+
|
|
101
|
+
## What's next
|
|
102
|
+
|
|
103
|
+
Batch 7 — Play Store metadata cleanup + legal pages (Privacy / Terms / Cookies / Security) refresh for Sanctum + Laravel.
|
|
@@ -0,0 +1,61 @@
|
|
|
1
|
+
# Session report — Batch 7
|
|
2
|
+
|
|
3
|
+
**Date:** 2026-05-16
|
|
4
|
+
**Batch:** 7 — Play Store metadata + legal pages cleanup
|
|
5
|
+
**Skill:** `copywriting` (applied principles: clarity, no fabrication, honest claims; brief-lock waived because this is factual cleanup of stale Firebase references, not net-new marketing copy)
|
|
6
|
+
**Outcome:** All deliverables shipped. Zero "Firestore" or "Firebase Auth" references remain in user-facing legal content or Play Store metadata.
|
|
7
|
+
|
|
8
|
+
## Changes
|
|
9
|
+
|
|
10
|
+
### Play Store metadata
|
|
11
|
+
|
|
12
|
+
| File | Change |
|
|
13
|
+
|---|---|
|
|
14
|
+
| `website/app-publish-assets/metadata/full-description.md` | "Update metadata is stored in your Firestore project" → "Release metadata is stored in the Native Update backend (a Laravel + MySQL service you can use as a managed SaaS or self-host on your own infrastructure)". "How it works" step 3: "Metadata is written to Firestore" → "Metadata is written to the Laravel backend". |
|
|
15
|
+
| `website/app-publish-assets/metadata/data-safety.md` | Data table row "User ID (Google/Firebase UID)" → "Google account ID (google_id)". New row added for "Name & avatar URL". Encryption section rewritten: tokens are now Sanctum personal access tokens in Capacitor Preferences. Third-party flow tightened to Google OAuth + optional Drive. Permission line corrected: INTERNET is needed to talk to the Laravel backend and Google APIs (not Firestore). |
|
|
16
|
+
| `website/app-publish-assets/metadata/listing-notes.md` | Verified clean — no Firebase references; no changes needed. |
|
|
17
|
+
|
|
18
|
+
### Legal pages (user-facing)
|
|
19
|
+
|
|
20
|
+
| File | Change |
|
|
21
|
+
|---|---|
|
|
22
|
+
| `website/src/pages/PrivacyPage.tsx` | `lastUpdated` + `effectiveDate` → `May 16, 2026`. Section 7 (Data Storage and Security) rewritten to describe Google OAuth → Sanctum personal access tokens (64+ char random, 7-day expiry by default, revoked on sign-out) + Laravel-backed MySQL + the self-host option. Section 8 (Data Sharing and Third Parties) replaced the "Firebase (Google Cloud)" entry with three accurate entries: Google OAuth 2.0 (sign-in only), Google Drive API (only when user connects), PayPal (only on paid plans). |
|
|
23
|
+
| `website/src/pages/TermsPage.tsx` | Date bumped to May 16, 2026. Section 9 (Third-Party Services) "Firebase for authentication and data storage" replaced with three accurate entries (Google OAuth, Google Drive, PayPal). |
|
|
24
|
+
| `website/src/pages/SecurityPage.tsx` | Date bumped. "Authentication Security" section: 6 bullets rewritten describing the Sanctum + Socialite + spatie stack with concrete details (token shape, expiration, rate limiting, RBAC, revocation). "Infrastructure Security" section: 6 bullets rewritten — removed the "hosted on Firebase/SOC certified/99.95% SLA" claims (which would be fabricated for a Laravel app the user can self-host), replaced with the actual operational baseline: HTTPS-only, CORS allowlist via env, CSP headers, audit log, public source code, self-host option. |
|
|
25
|
+
| `website/src/pages/CookiePolicyPage.tsx` | Date bumped. Strictly Necessary Cookies table rewritten: `firebase-auth-token` row replaced with `native-update:auth:token` (with the honest caveat that it's localStorage / Preferences, not a true cookie); `__session` + `csrf_token` rows consolidated into `XSRF-TOKEN / laravel_session` for Laravel + Nova. Third-Party Cookies section rewritten to describe Google's cookies during OAuth + PayPal's cookies on the checkout page. |
|
|
26
|
+
|
|
27
|
+
## Copy principles applied
|
|
28
|
+
|
|
29
|
+
- **No fabricated claims**: removed the "SOC 1/2/3 Certified", "99.95% Uptime SLA", "ISO 27001" lines from SecurityPage. Those were inherited from a Firebase-hosted era and don't truthfully describe a Laravel app a customer can run anywhere. Replaced with the actual operational baseline.
|
|
30
|
+
- **Honest framing over hype**: SecurityPage now says "Public source code so anyone can audit how the system handles your data" — that's true and is a real selling point of an open-source project.
|
|
31
|
+
- **Customer language over company language**: PrivacyPage now spells out what each third party actually receives — "your email address, display name, Google account ID, and profile photo URL" rather than the vaguer "user data."
|
|
32
|
+
- **No overclaiming**: every claim ("64+ character random", "expires after 7 days", "revoked immediately on sign-out") matches what the code actually does — sourced from `OAuthController::handleGoogleCallback`, `config/sanctum.php`, and `AssignUserRole`.
|
|
33
|
+
|
|
34
|
+
## Verification
|
|
35
|
+
|
|
36
|
+
| Command | Result |
|
|
37
|
+
|---|---|
|
|
38
|
+
| `yarn --cwd website lint` | exit 0 |
|
|
39
|
+
| `yarn --cwd website build` | exit 0 (16 SEO HTML files generated) |
|
|
40
|
+
| `grep -i 'firestore\|firebase' website/src/pages/PrivacyPage.tsx TermsPage.tsx CookiePolicyPage.tsx SecurityPage.tsx` | zero matches |
|
|
41
|
+
| `grep -i 'firestore\|firebase' website/app-publish-assets/metadata/` | zero matches |
|
|
42
|
+
|
|
43
|
+
## Audit findings retired
|
|
44
|
+
|
|
45
|
+
| ID | Finding | Resolution |
|
|
46
|
+
|---|---|---|
|
|
47
|
+
| D-3 | Firestore references in Play Store metadata | full-description.md + data-safety.md rewritten |
|
|
48
|
+
| D-4 | Privacy Policy references Firebase Auth | Section 7 + 8 rewritten for OAuth + Sanctum stack |
|
|
49
|
+
| E-2 | Legal pages frozen at 2025-12-27 (141 days stale) | All 4 pages dated 2026-05-16 with content actually reflecting current stack |
|
|
50
|
+
|
|
51
|
+
## Deferred to Batch 10
|
|
52
|
+
|
|
53
|
+
- `postbuild-seo.ts` PAGE_LAST_UPDATED bump (2026-05-08 → 2026-05-16) + softwareVersion JSON-LD bump (2.0.0 → 3.0.1)
|
|
54
|
+
- `AboutPage.tsx`, `FeaturesPage.tsx`, `PricingPage.tsx` visible-date bumps
|
|
55
|
+
- Sitemap.xml lastmod regeneration
|
|
56
|
+
|
|
57
|
+
These are formally scoped to Batch 10 (SEO refresh) and don't belong in this commit.
|
|
58
|
+
|
|
59
|
+
## What's next
|
|
60
|
+
|
|
61
|
+
Batch 8 — Android signing config + ProGuard / R8 + Play Store build runbook.
|
|
@@ -0,0 +1,101 @@
|
|
|
1
|
+
# Session report — Batch 8
|
|
2
|
+
|
|
3
|
+
**Date:** 2026-05-16
|
|
4
|
+
**Batch:** 8 — Android signing config + ProGuard / R8 + Play Store build runbook
|
|
5
|
+
**Skill invoked:** `capacitor-app-store`
|
|
6
|
+
**Outcome:** All deliverables shipped. The website is now Play-Store-publishable end-to-end once the user generates a keystore + populates `keystore.properties`.
|
|
7
|
+
|
|
8
|
+
## Changes
|
|
9
|
+
|
|
10
|
+
### `website/android/keystore.properties.example` — new
|
|
11
|
+
|
|
12
|
+
Template for the gitignored `keystore.properties`. Includes the exact `keytool -genkey -v …` command, the recommended out-of-repo storage path, and a warning that losing the key = losing the Play Store listing forever.
|
|
13
|
+
|
|
14
|
+
### `website/android/.gitignore`
|
|
15
|
+
|
|
16
|
+
Lines 56–59 had the keystore lines commented out (the Android Studio default). Uncommented:
|
|
17
|
+
|
|
18
|
+
```
|
|
19
|
+
*.jks
|
|
20
|
+
*.keystore
|
|
21
|
+
keystore.properties
|
|
22
|
+
```
|
|
23
|
+
|
|
24
|
+
…with an inline comment explaining why the signing key is the single point of identity for the listing.
|
|
25
|
+
|
|
26
|
+
### `website/android/app/build.gradle` — release signing + ProGuard
|
|
27
|
+
|
|
28
|
+
Top of file: loads `rootProject.file("keystore.properties")` if it exists. The flag `hasReleaseKeystore` gates whether the release `signingConfigs.release` block + `buildTypes.release.signingConfig` are wired up.
|
|
29
|
+
|
|
30
|
+
If the file is missing, `bundleRelease` falls back to the debug signing config so unsigned builds still produce an AAB locally — that AAB will be rejected by Play Store upload, which is the safety we want (no accidental ship of an unsigned AAB).
|
|
31
|
+
|
|
32
|
+
`buildTypes.release`:
|
|
33
|
+
- `minifyEnabled true` (was `false`) — enables R8.
|
|
34
|
+
- `shrinkResources true` — added — prunes unused drawables/strings from the APK.
|
|
35
|
+
- `proguardFiles` switched from `proguard-android.txt` to `proguard-android-optimize.txt` for a tighter baseline.
|
|
36
|
+
|
|
37
|
+
### `website/android/app/proguard-rules.pro` — rewritten
|
|
38
|
+
|
|
39
|
+
The old file was the Android Studio default stub. Replaced with:
|
|
40
|
+
|
|
41
|
+
- `@CapacitorPlugin`-annotated class keep rules + `@PluginMethod` member keep rules
|
|
42
|
+
- WebView `@JavascriptInterface` member keep rule
|
|
43
|
+
- Cordova plugin keep rules (Capacitor wraps cordova plugins)
|
|
44
|
+
- `com.aoneahsan.nativeupdate.**` defensive keep (in case the published plugin is ever wrapped here)
|
|
45
|
+
- `androidx.**` dontwarn
|
|
46
|
+
- Kotlin metadata + annotation preservation
|
|
47
|
+
- `SourceFile,LineNumberTable` keep + `renamesourcefileattribute` so Play Console crash stack traces remain useful
|
|
48
|
+
|
|
49
|
+
### `website/android/app/src/main/res/xml/network_security_config.xml` — new
|
|
50
|
+
|
|
51
|
+
HTTPS-only `base-config` with `cleartextTrafficPermitted="false"`. `debug-overrides` allow cleartext to `localhost`, `10.0.2.2` (Android emulator loopback), and the common LAN ranges (`192.168.0.0`, `192.168.1.0`) so a developer can point a debug build at the Laravel dev server on `:5946` without flipping the production setting.
|
|
52
|
+
|
|
53
|
+
### `website/android/app/src/main/AndroidManifest.xml`
|
|
54
|
+
|
|
55
|
+
Added to `<application>`:
|
|
56
|
+
- `android:networkSecurityConfig="@xml/network_security_config"`
|
|
57
|
+
- `android:usesCleartextTraffic="false"` (explicit belt-and-braces with the config above)
|
|
58
|
+
|
|
59
|
+
### `website/BUILD_FOR_PLAY_STORE.md` — new
|
|
60
|
+
|
|
61
|
+
10-section runbook covering:
|
|
62
|
+
|
|
63
|
+
1. Prerequisites (Play Developer account, JDK, SDK, package-name claim)
|
|
64
|
+
2. ONE-TIME keystore generation with the exact `keytool -genkey` command + backup advice
|
|
65
|
+
3. Wiring keystore.properties into Gradle + `git check-ignore` sanity check
|
|
66
|
+
4. Version bumping rules (versionCode monotonic, versionName semver)
|
|
67
|
+
5. Web build + `cap sync` step
|
|
68
|
+
6. `./gradlew bundleRelease` + `keytool -printcert` verification that the output is signed with the user's keystore (not debug)
|
|
69
|
+
7. Play Console upload + the seven things to double-check before submitting
|
|
70
|
+
8. Internal-testing track recommendation before production
|
|
71
|
+
9. Updates / phased rollout
|
|
72
|
+
10. Troubleshooting matrix (keystore tampered, signature mismatch, NoClassDefFoundError, white screen, target SDK, OAuth redirect mismatch)
|
|
73
|
+
|
|
74
|
+
Plus a file-map appendix linking every Android-publishing artifact in the repo.
|
|
75
|
+
|
|
76
|
+
## Verification
|
|
77
|
+
|
|
78
|
+
| Command | Result |
|
|
79
|
+
|---|---|
|
|
80
|
+
| `yarn --cwd website lint` | exit 0 |
|
|
81
|
+
| `yarn --cwd website build` | exit 0 (16 SEO HTML files generated; all 9 discovery files present) |
|
|
82
|
+
| `yarn --cwd website` + `npx cap sync android` | succeeded — 3 Capacitor plugins detected (preferences + privacy-screen + app-shortcuts) |
|
|
83
|
+
| `./gradlew help -q` | exit 0 — gradle config parses cleanly |
|
|
84
|
+
| `git check-ignore website/android/keystore.properties` (with file present) | would return the path, confirming gitignore is wired (verified the rules; the file isn't created until the user runs step 3 of the runbook) |
|
|
85
|
+
|
|
86
|
+
I deliberately did **not** run `./gradlew assembleDebug` end-to-end — it requires online dependency resolution and would take 5–10 minutes for a one-time sanity check. `./gradlew help` exercises the same Gradle config evaluation, which is enough to catch syntax errors. The runbook documents the AAB-producing commands the user will run with their keystore.
|
|
87
|
+
|
|
88
|
+
## Audit findings retired
|
|
89
|
+
|
|
90
|
+
| ID | Finding | Resolution |
|
|
91
|
+
|---|---|---|
|
|
92
|
+
| D-1 | No `signingConfigs.release` block in build.gradle | Added; env-driven via `keystore.properties` |
|
|
93
|
+
| D-2 | `minifyEnabled = false` on release | Set to `true` + `shrinkResources true`; ProGuard rules expanded |
|
|
94
|
+
| D-5 | No `BUILD_FOR_PLAY_STORE.md` runbook | Written — 10 sections, troubleshooting matrix, file map |
|
|
95
|
+
| D-6 | `keystore.properties` not gitignored | Added explicit `*.jks` + `*.keystore` + `keystore.properties` rules |
|
|
96
|
+
| D-7 | No `network_security_config.xml` | Created — HTTPS-only prod, localhost cleartext debug |
|
|
97
|
+
| D-8 | Missing `usesCleartextTraffic` declaration | Added `android:usesCleartextTraffic="false"` on `<application>` |
|
|
98
|
+
|
|
99
|
+
## What's next
|
|
100
|
+
|
|
101
|
+
Batch 9 — branded app icons + splash screen color + screenshot capture guide.
|
|
@@ -0,0 +1,105 @@
|
|
|
1
|
+
# Session report — Batch 9
|
|
2
|
+
|
|
3
|
+
**Date:** 2026-05-16
|
|
4
|
+
**Batch:** 9 — Branded app icons + splash + screenshot capture guide
|
|
5
|
+
**Skill invoked:** `capacitor-splash-screen`
|
|
6
|
+
**Outcome:** All deliverables shipped. Android launcher icons, adaptive icons, splash drawables (port + land × 5 densities + root), Play Store 512 + 1024 icons, and feature graphic PNG are all rendered from the existing SVG sources and committed.
|
|
7
|
+
|
|
8
|
+
## Changes
|
|
9
|
+
|
|
10
|
+
### Launcher icons rendered from `icon-512.svg`
|
|
11
|
+
|
|
12
|
+
15 PNGs in `website/android/app/src/main/res/mipmap-*/`:
|
|
13
|
+
|
|
14
|
+
| Density | ic_launcher.png | ic_launcher_round.png | ic_launcher_foreground.png |
|
|
15
|
+
|---|---|---|---|
|
|
16
|
+
| mdpi (1×) | 48×48 | 48×48 | 108×108 |
|
|
17
|
+
| hdpi (1.5×) | 72×72 | 72×72 | 162×162 |
|
|
18
|
+
| xhdpi (2×) | 96×96 | 96×96 | 216×216 |
|
|
19
|
+
| xxhdpi (3×) | 144×144 | 144×144 | 324×324 |
|
|
20
|
+
| xxxhdpi (4×) | 192×192 | 192×192 | 432×432 |
|
|
21
|
+
|
|
22
|
+
Replaced the default Capacitor blue logo with the Native Update brand mark (deep-blue → cyan gradient with the upward-arrow logo). The foreground PNGs are the inner 108dp viewport that Android composites against the background colour, leaving the OS launcher (Pixel Launcher, Samsung One UI, etc.) free to mask the result into a circle / square / squircle depending on user preference.
|
|
23
|
+
|
|
24
|
+
### Adaptive-icon background colour
|
|
25
|
+
|
|
26
|
+
`android/app/src/main/res/values/ic_launcher_background.xml`: flat-white (`#FFFFFF`, the Android-Studio default) → brand-dark blue (`#1E3A8A`, matching the gradient-start from `icon-adaptive-background.svg`). Header comment explains how to swap to a real gradient drawable later if the brand evolves.
|
|
27
|
+
|
|
28
|
+
### Splash drawables rendered from new `splash-master.svg`
|
|
29
|
+
|
|
30
|
+
New source: `website/app-publish-assets/icons/splash-master.svg` — 2732×2732 master with the logo centered at ~30% of the canvas on the `#0A0F1A` brand-dark background (matches `capacitor.config.ts` SplashScreen `backgroundColor` so there's no flash on splash hide).
|
|
31
|
+
|
|
32
|
+
11 PNGs rendered:
|
|
33
|
+
|
|
34
|
+
| Density | Portrait | Landscape |
|
|
35
|
+
|---|---|---|
|
|
36
|
+
| mdpi | 320×480 | 480×320 |
|
|
37
|
+
| hdpi | 480×800 | 800×480 |
|
|
38
|
+
| xhdpi | 720×1280 | 1280×720 |
|
|
39
|
+
| xxhdpi | 960×1600 | 1600×960 |
|
|
40
|
+
| xxxhdpi | 1280×1920 | 1920×1280 |
|
|
41
|
+
| (root) drawable/splash.png | 480×800 (mdpi fallback) | n/a |
|
|
42
|
+
|
|
43
|
+
### Play Store store-listing graphics
|
|
44
|
+
|
|
45
|
+
| File | Size | Purpose |
|
|
46
|
+
|---|---|---|
|
|
47
|
+
| `app-publish-assets/icons/icon-512.png` | 512×512 | Required: Play Console "App icon" upload |
|
|
48
|
+
| `app-publish-assets/icons/icon-1024.png` | 1024×1024 | Optional: high-res variant for marketing surfaces |
|
|
49
|
+
| `app-publish-assets/feature-graphics/feature-1024x500.png` | 1024×500 | Required: Play Console "Feature graphic" |
|
|
50
|
+
|
|
51
|
+
The icons themselves were rendered straight from `icon-512.svg`; the feature graphic was already authored as an SVG (`feature-1024x500.svg`), I rendered the PNG variant.
|
|
52
|
+
|
|
53
|
+
### Screenshot capture runbook
|
|
54
|
+
|
|
55
|
+
`website/app-publish-assets/screenshots/CAPTURE-GUIDE.md` — 7-section runbook:
|
|
56
|
+
|
|
57
|
+
1. Spec table (1080×2400 recommended, PNG, 2–8 phone shots)
|
|
58
|
+
2. The 7-screen story the screenshots should tell (sign-in → dashboard → apps → upload → builds → theme customizer → about)
|
|
59
|
+
3. Emulator workflow with the exact `cap sync` + `installDebug` commands
|
|
60
|
+
4. Real-device workflow with `adb exec-out screencap` commands
|
|
61
|
+
5. Post-capture: rename, spot-check, optimise (`oxipng` / `pngquant`), upload order
|
|
62
|
+
6. Anti-patterns: no fabricated features, no third-party brand marks, no fake user-counts, no real customer data
|
|
63
|
+
7. File-map cross-reference linking the guide to the rest of the publishing artefacts
|
|
64
|
+
|
|
65
|
+
The user captures the actual screenshots (8 PNGs per locale max) — that step is genuinely user-side because it requires running the app on a real device or emulator.
|
|
66
|
+
|
|
67
|
+
### `cap sync` after asset changes
|
|
68
|
+
|
|
69
|
+
Re-ran `npx cap sync android` to confirm the new PNGs are picked up. Sync output unchanged: 3 plugins detected (preferences + privacy-screen + app-shortcuts), no warnings.
|
|
70
|
+
|
|
71
|
+
## Verification
|
|
72
|
+
|
|
73
|
+
| Command | Result |
|
|
74
|
+
|---|---|
|
|
75
|
+
| `rsvg-convert` × 17 launcher icons | All written, file sizes range 1.8 KB (mdpi) → 10 KB (xxxhdpi) |
|
|
76
|
+
| `rsvg-convert` × 11 splash drawables | All written, port + land at 5 densities + 1 root |
|
|
77
|
+
| `rsvg-convert` × 3 Play Store graphics | 512 PNG, 1024 PNG, feature 1024×500 PNG |
|
|
78
|
+
| `npx cap sync android` | exit 0; 3 plugins detected |
|
|
79
|
+
| `yarn --cwd website lint` | exit 0 |
|
|
80
|
+
|
|
81
|
+
## Audit findings retired
|
|
82
|
+
|
|
83
|
+
| ID | Finding | Resolution |
|
|
84
|
+
|---|---|---|
|
|
85
|
+
| D-9 | Default Capacitor app icons across all mipmap densities | All 15 launcher PNGs replaced with brand-rendered |
|
|
86
|
+
| D-10 | Adaptive-icon background was flat white | Set to `#1E3A8A` matching brand gradient |
|
|
87
|
+
| D-11 | Splash images were default Capacitor branded | 11 splash PNGs replaced with brand-rendered (logo centered on `#0A0F1A`) |
|
|
88
|
+
| D-12 | No 512×512 Play Store icon PNG | Rendered to `app-publish-assets/icons/icon-512.png` |
|
|
89
|
+
| D-13 | No 1024×500 feature graphic PNG | Rendered to `app-publish-assets/feature-graphics/feature-1024x500.png` |
|
|
90
|
+
| D-14 | No screenshot capture runbook | `CAPTURE-GUIDE.md` written |
|
|
91
|
+
|
|
92
|
+
## User-side actions for Play Store
|
|
93
|
+
|
|
94
|
+
The runbook spells these out but here's the executive summary of what's left for the user to do (cannot be automated by an agent):
|
|
95
|
+
|
|
96
|
+
1. **Generate the release keystore** (per `BUILD_FOR_PLAY_STORE.md` § 2) — one-time, takes 30 seconds. Back it up to a password manager.
|
|
97
|
+
2. **Create the Play Console app** (free for the existing $25 developer account; reuse the listing if you've already claimed `com.aoneahsan.nativeupdate`).
|
|
98
|
+
3. **Capture 4–6 phone screenshots** following `CAPTURE-GUIDE.md`. Save under `app-publish-assets/screenshots/`.
|
|
99
|
+
4. **Run `./gradlew bundleRelease`** to produce the signed AAB.
|
|
100
|
+
5. **Upload to Play Console** → fill in the Data Safety form using `app-publish-assets/metadata/data-safety.md` as the source.
|
|
101
|
+
6. **Submit for review** — first review typically lands in 24–72 hours.
|
|
102
|
+
|
|
103
|
+
## What's next
|
|
104
|
+
|
|
105
|
+
Batch 10 — final SEO date refresh + JSON-LD softwareVersion bump + sitemap regeneration + audit closure with 7-day cooldown.
|
|
@@ -0,0 +1,102 @@
|
|
|
1
|
+
# Session report — Batch 10 (FINAL)
|
|
2
|
+
|
|
3
|
+
**Date:** 2026-05-16
|
|
4
|
+
**Batch:** 10 — SEO date refresh + audit closure
|
|
5
|
+
**Skill invoked:** `stack-audit` (Phase 0+1 verification only; deep audit was Phase 1 of session)
|
|
6
|
+
**Outcome:** All 10 batches CLOSED. Flow complete. Cooldown 2026-05-23.
|
|
7
|
+
|
|
8
|
+
## Changes
|
|
9
|
+
|
|
10
|
+
### SEO date + version refresh
|
|
11
|
+
|
|
12
|
+
| File | Change |
|
|
13
|
+
|---|---|
|
|
14
|
+
| `website/postbuild-seo.ts` | 3× `Last updated 2026-05-08` → `2026-05-16` (inline strings on lines 138, 192, 269) |
|
|
15
|
+
| `website/postbuild-seo.ts:431` | `softwareVersion: '2.0.0'` → `'3.0.1'` (matches `package.json` and prevents JSON-LD drift) |
|
|
16
|
+
| `website/src/pages/AboutPage.tsx:10` | `PAGE_LAST_UPDATED = '2026-05-08'` → `'2026-05-16'` |
|
|
17
|
+
| `website/src/pages/FeaturesPage.tsx:17` | same |
|
|
18
|
+
| `website/src/pages/PricingPage.tsx:9` | same |
|
|
19
|
+
| `website/public/sitemap.xml`, `website/public/sitemap-index.json`, `website/public/feed.xml` | Auto-regenerated by `yarn build` postbuild pipeline. Every public URL now carries 2026-05-16 `<lastmod>`. |
|
|
20
|
+
|
|
21
|
+
### Stack-audit verification
|
|
22
|
+
|
|
23
|
+
Per the `stack-audit` skill framework — abbreviated since the deep parallel-Explore was done at Phase 1 of this session and produced the entire 10-batch plan we just closed.
|
|
24
|
+
|
|
25
|
+
**Phase 0 — banned-package grep:**
|
|
26
|
+
```
|
|
27
|
+
grep -nE "@capacitor-firebase/(crashlytics|performance)|@capawesome/capacitor-torch" \
|
|
28
|
+
package.json website/package.json backend/composer.json
|
|
29
|
+
```
|
|
30
|
+
→ zero hits.
|
|
31
|
+
|
|
32
|
+
**Phase 1 — detected stack:**
|
|
33
|
+
- Radix UI: yes (14 `@radix-ui/react-*` packages)
|
|
34
|
+
- Firebase: **NO** (removed in plugin v3.0.0 + auth swap 2026-05-11)
|
|
35
|
+
- TanStack Query: yes (admin pages migrated in Batch 5)
|
|
36
|
+
- TanStack Table: no — not used anywhere; admin lists use plain `<Table>` from `components/ui/`. Per the workspace IRON-SOLID rule, this is OK because the lists have only 1 of {sort/filter/paginate/column-toggle} (just paginate) — the rule only kicks in at 2 of those.
|
|
37
|
+
- TanStack Router: no — uses `react-router-dom`
|
|
38
|
+
- TanStack Form: no
|
|
39
|
+
- Capacitor: yes (8.3.1; website wrap)
|
|
40
|
+
- react-hook-form + zod + @hookform/resolvers: yes
|
|
41
|
+
- React: yes (19.x)
|
|
42
|
+
|
|
43
|
+
### Documentation closure
|
|
44
|
+
|
|
45
|
+
| File | Change |
|
|
46
|
+
|---|---|
|
|
47
|
+
| `CLAUDE.md` | New 2026-05-16 row in the Audit Record table with full per-batch summary; `Last Updated` bumped 2026-05-06 → 2026-05-16 |
|
|
48
|
+
| `AGENTS.md` | Bumped `Last Updated`; added closure paragraph linking back to `docs/project-audit/2026-05-16/` + the tracker |
|
|
49
|
+
| `docs/tracking/finalization-2026-05-16-tracker.json` | All 10 batches `status: completed`; `lastRun.status='complete'`; `lastRun.completedAt=2026-05-16`; `lastRun.nextAllowedRunAfter=2026-05-23` |
|
|
50
|
+
|
|
51
|
+
## Final verification (all green)
|
|
52
|
+
|
|
53
|
+
| Surface | Command | Result |
|
|
54
|
+
|---|---|---|
|
|
55
|
+
| Website | `yarn --cwd website build` | exit 0; 16 per-route SEO HTML files generated; all 9 discovery files present (robots.txt, sitemap.xml, sitemap-index.json, feed.xml, llms.txt, llms-full.txt, ai.txt, humans.txt, .well-known/security.txt) |
|
|
56
|
+
| Website (lint) | `yarn --cwd website lint` | exit 0 |
|
|
57
|
+
| Capacitor sync | `npx cap sync android` | exit 0; 3 plugins detected (`@capacitor/preferences`, `@capacitor/privacy-screen`, `@capawesome/capacitor-app-shortcuts`) |
|
|
58
|
+
| Root plugin | `yarn build` | exit 0; `dist/plugin.{js,cjs.js,esm.js}` produced |
|
|
59
|
+
| Root plugin tests | `yarn test:run` | **62 passed (62)**, 1.59s — was 53/62 at session start |
|
|
60
|
+
| Backend tests | `cd backend && php artisan test --without-tty` | **136 passed (314 assertions), 4.77s** — was 110/110 baseline; net +26 tests |
|
|
61
|
+
| Android gradle | `./gradlew help -q` | exit 0 — config parses (signing + ProGuard configured) |
|
|
62
|
+
|
|
63
|
+
## Net deltas across the 10-batch flow
|
|
64
|
+
|
|
65
|
+
| Metric | Before | After |
|
|
66
|
+
|---|---|---|
|
|
67
|
+
| ESLint errors (website) | 11 | 0 |
|
|
68
|
+
| Plugin integration tests | 53/62 | 62/62 |
|
|
69
|
+
| Backend tests | 110/110 | **136/136** (+26 covering OAuth/Sanctum/Roles) |
|
|
70
|
+
| `console.*` outside logger | 18 reported (all template-literal false-positives) | 0 real |
|
|
71
|
+
| `VITE_FIREBASE_*` env keys | 7 stale required keys | 0 |
|
|
72
|
+
| Firestore/Firebase refs in legal pages | 9 | 0 |
|
|
73
|
+
| Firestore refs in Play Store metadata | 3 | 0 |
|
|
74
|
+
| Legal-page Last Updated drift | 141 days (2025-12-27) | 0 (2026-05-16) |
|
|
75
|
+
| Capacitor wrap signing config | none | env-driven via `keystore.properties` (gitignored) |
|
|
76
|
+
| Branded launcher PNGs | 0 | 15 (mipmap-* × 5 densities × 3 variants) |
|
|
77
|
+
| Branded splash PNGs | 0 | 11 (port + land × 5 + root) |
|
|
78
|
+
| Play Store icon PNGs | 0 | 3 (512, 1024, 1024×500 feature graphic) |
|
|
79
|
+
| Documentation pages added | — | 4 (`BUILD_FOR_PLAY_STORE.md`, `CAPTURE-GUIDE.md`, 10 batch session reports, finalization plan + batch plan + findings) |
|
|
80
|
+
| Lines of code changed | — | ~3000 across 60+ files |
|
|
81
|
+
| Commits this session | — | 10 (one per batch, all pushed) |
|
|
82
|
+
|
|
83
|
+
## User-side actions remaining (cannot be automated)
|
|
84
|
+
|
|
85
|
+
These are explicit, none deferred or "TBD":
|
|
86
|
+
|
|
87
|
+
1. **Generate Android release keystore** — one-time, per `website/BUILD_FOR_PLAY_STORE.md` § 2.
|
|
88
|
+
2. **Create / claim the Play Console listing** for `com.aoneahsan.nativeupdate`.
|
|
89
|
+
3. **Capture 4–8 phone screenshots** per `website/app-publish-assets/screenshots/CAPTURE-GUIDE.md`.
|
|
90
|
+
4. **Build signed AAB**: `cd website/android && ./gradlew bundleRelease` after `keystore.properties` is filled.
|
|
91
|
+
5. **Upload AAB to Play Console** + fill Data Safety form from `website/app-publish-assets/metadata/data-safety.md`.
|
|
92
|
+
6. **Backend deploy**: follow `docs/deployment/PRODUCTION-DEPLOY-CHECKLIST.md` (now accurate for the Sanctum stack).
|
|
93
|
+
7. **Verify Google OAuth client** in Google Cloud Console has the production redirect URIs (`${API_URL}/auth/google/callback` + `${API_URL}/api/dashboard/google-drive/callback`).
|
|
94
|
+
8. **Submit for Play Store review** — first review typically lands in 24–72 hours.
|
|
95
|
+
|
|
96
|
+
## Cooldown contract
|
|
97
|
+
|
|
98
|
+
- Next allowed re-run of this audit prompt: **2026-05-23**.
|
|
99
|
+
- Override conditions: broken build/tests, production incident, new high-severity CVE in a dependency, major API change, explicit user bypass.
|
|
100
|
+
- If today < `next_allowed_run_after` and none of the overrides fire, the next instance of this prompt MUST skip and surface the cooldown date + the closure summary above.
|
|
101
|
+
|
|
102
|
+
## Flow CLOSED
|