native-update 2.0.0 → 3.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (258) hide show
  1. package/Readme.md +28 -14
  2. package/android/manifest-additions.xml +28 -0
  3. package/android/src/main/AndroidManifest.xml +3 -7
  4. package/android/src/main/java/com/aoneahsan/nativeupdate/BackgroundNotificationManager.kt +21 -13
  5. package/android/src/main/java/com/aoneahsan/nativeupdate/LiveUpdatePlugin.kt +196 -29
  6. package/android/src/main/java/com/aoneahsan/nativeupdate/NativeUpdatePlugin.kt +21 -36
  7. package/cli/AGENTS.md +15 -1
  8. package/cli/CLAUDE.md +15 -1
  9. package/cli/commands/backend-create.js +56 -15
  10. package/cli/commands/bundle-create.js +39 -7
  11. package/cli/commands/monitor.js +72 -51
  12. package/cli/index.js +10 -24
  13. package/cli/package.json +11 -3
  14. package/dist/esm/app-review/app-review-manager.js +0 -1
  15. package/dist/esm/app-review/index.js +0 -1
  16. package/dist/esm/app-review/platform-review-handler.js +0 -1
  17. package/dist/esm/app-review/review-conditions-checker.js +0 -1
  18. package/dist/esm/app-review/review-rate-limiter.js +0 -1
  19. package/dist/esm/app-review/types.js +0 -1
  20. package/dist/esm/app-update/app-update-checker.js +0 -1
  21. package/dist/esm/app-update/app-update-installer.d.ts +1 -0
  22. package/dist/esm/app-update/app-update-installer.js +19 -8
  23. package/dist/esm/app-update/app-update-manager.js +0 -1
  24. package/dist/esm/app-update/app-update-notifier.js +0 -1
  25. package/dist/esm/app-update/index.js +0 -1
  26. package/dist/esm/app-update/platform-app-update.js +12 -3
  27. package/dist/esm/app-update/types.js +0 -1
  28. package/dist/esm/background-update/background-scheduler.js +0 -1
  29. package/dist/esm/background-update/index.js +0 -1
  30. package/dist/esm/background-update/notification-manager.js +0 -1
  31. package/dist/esm/config/support.js +0 -1
  32. package/dist/esm/core/analytics.d.ts +13 -0
  33. package/dist/esm/core/analytics.js +15 -1
  34. package/dist/esm/core/cache-manager.js +0 -1
  35. package/dist/esm/core/config.d.ts +0 -15
  36. package/dist/esm/core/config.js +0 -4
  37. package/dist/esm/core/errors.d.ts +1 -0
  38. package/dist/esm/core/errors.js +1 -1
  39. package/dist/esm/core/event-emitter.d.ts +0 -3
  40. package/dist/esm/core/event-emitter.js +8 -3
  41. package/dist/esm/core/logger.js +0 -1
  42. package/dist/esm/core/performance.js +0 -1
  43. package/dist/esm/core/plugin-manager.js +3 -1
  44. package/dist/esm/core/security.d.ts +11 -0
  45. package/dist/esm/core/security.js +27 -1
  46. package/dist/esm/definitions.d.ts +0 -11
  47. package/dist/esm/definitions.js +0 -1
  48. package/dist/esm/index.d.ts +3 -2
  49. package/dist/esm/index.js +3 -1
  50. package/dist/esm/live-update/bundle-manager.d.ts +8 -0
  51. package/dist/esm/live-update/bundle-manager.js +20 -1
  52. package/dist/esm/live-update/certificate-pinning.js +0 -1
  53. package/dist/esm/live-update/delta-processor.d.ts +1 -1
  54. package/dist/esm/live-update/delta-processor.js +3 -1
  55. package/dist/esm/live-update/download-manager.js +9 -2
  56. package/dist/esm/live-update/rollout-checker.d.ts +1 -1
  57. package/dist/esm/live-update/rollout-checker.js +5 -6
  58. package/dist/esm/live-update/update-manager.js +0 -1
  59. package/dist/esm/live-update/version-manager.d.ts +0 -12
  60. package/dist/esm/live-update/version-manager.js +0 -68
  61. package/dist/esm/plugin.js +69 -43
  62. package/dist/esm/security/crypto.js +11 -7
  63. package/dist/esm/security/validator.js +0 -1
  64. package/dist/esm/types/rollout.d.ts +85 -0
  65. package/dist/esm/types/rollout.js +25 -0
  66. package/dist/esm/web.d.ts +8 -0
  67. package/dist/esm/web.js +148 -54
  68. package/dist/plugin.cjs.js +1 -2
  69. package/dist/plugin.esm.js +1 -2
  70. package/dist/plugin.js +2 -3
  71. package/docs/CHANGELOG.md +124 -0
  72. package/docs/CLAUDE.md +1 -1
  73. package/docs/MANUAL-TASKS.md +17 -0
  74. package/docs/MARKETING_WEBSITE_TRACKER.md +18 -2
  75. package/docs/MIGRATION.md +83 -0
  76. package/docs/PACKAGES.md +167 -0
  77. package/docs/PERFORMANCE.md +110 -0
  78. package/docs/PROJECT_COMPLETION_TRACKER.md +4 -35
  79. package/docs/README.md +0 -1
  80. package/docs/REMAINING_FEATURES.md +123 -76
  81. package/docs/ROADMAP.md +200 -120
  82. package/docs/SECURITY-IF-REPO-PUBLIC.md +232 -0
  83. package/docs/TESTING_REQUIREMENTS.md +1 -112
  84. package/docs/ai-knowledge-base/00-project-profile.md +38 -0
  85. package/docs/ai-knowledge-base/01-features.md +46 -0
  86. package/docs/ai-knowledge-base/02-routes.md +72 -0
  87. package/docs/ai-knowledge-base/03-tech-stack.md +57 -0
  88. package/docs/ai-knowledge-base/README.md +23 -0
  89. package/docs/analytics-tracking.md +37 -0
  90. package/docs/capacitor-official-plugins.md +46 -0
  91. package/docs/capawesome-plugins.md +29 -0
  92. package/docs/deployment/HOSTINGER_DEPLOY.md +75 -34
  93. package/docs/deployment/PRODUCTION-DEPLOY-CHECKLIST.md +184 -0
  94. package/docs/docs-site/plan.md +201 -0
  95. package/docs/docs-site/scope.md +127 -0
  96. package/docs/docs-site/tracker.json +235 -0
  97. package/docs/error-handling-tracking.md +37 -0
  98. package/docs/guides/testing-guide.md +15 -41
  99. package/docs/package-audit.md +41 -0
  100. package/docs/play-store/ASO-METADATA.md +5 -0
  101. package/docs/play-store/DATA-SAFETY.md +5 -0
  102. package/docs/play-store/DECLARATIONS.md +5 -0
  103. package/docs/play-store/README.md +27 -0
  104. package/docs/play-store/RELEASE-NOTES.md +99 -0
  105. package/docs/play-store/RELEASE-STEPS.md +6 -0
  106. package/docs/play-store/STORE-LISTING.md +7 -0
  107. package/docs/play-store/SUBMISSION-CHECKLIST.md +5 -0
  108. package/docs/production-readiness.md +1 -1
  109. package/docs/project-audit/2026-05-16/00-FINALIZATION-PLAN.md +123 -0
  110. package/docs/project-audit/2026-05-16/01-BATCH-PLAN.md +227 -0
  111. package/docs/project-audit/2026-05-16/02-AUDIT-FINDINGS.md +144 -0
  112. package/docs/project-audit/2026-05-16/sessions/batch-01.md +42 -0
  113. package/docs/project-audit/2026-05-16/sessions/batch-02.md +74 -0
  114. package/docs/project-audit/2026-05-16/sessions/batch-03.md +71 -0
  115. package/docs/project-audit/2026-05-16/sessions/batch-04.md +88 -0
  116. package/docs/project-audit/2026-05-16/sessions/batch-05.md +63 -0
  117. package/docs/project-audit/2026-05-16/sessions/batch-06.md +103 -0
  118. package/docs/project-audit/2026-05-16/sessions/batch-07.md +61 -0
  119. package/docs/project-audit/2026-05-16/sessions/batch-08.md +101 -0
  120. package/docs/project-audit/2026-05-16/sessions/batch-09.md +105 -0
  121. package/docs/project-audit/2026-05-16/sessions/batch-10.md +102 -0
  122. package/docs/project-audit/AUDIT-HISTORY.md +74 -0
  123. package/docs/project-audit/BATCH-PLAN.md +168 -0
  124. package/docs/project-audit/MARKETING-WEBSITE-FINDINGS-2026-05-11.md +73 -0
  125. package/docs/project-audit/PRODUCTION-READINESS-AUDIT-2026-05-08.md +275 -0
  126. package/docs/project-finalization/00-tracker.json +60 -0
  127. package/docs/project-knowledge-base/01-system-overview.md +39 -30
  128. package/docs/project-knowledge-base/02-routes-pages-forms-users.md +87 -81
  129. package/docs/project-knowledge-base/03-tech-stack-modules-services.md +140 -108
  130. package/docs/project-knowledge-base/04-data-models-integrations.md +191 -254
  131. package/docs/project-knowledge-base/05-docs-corpus-inventory.md +83 -20
  132. package/docs/project-knowledge-base/06-operations-testing-legal-content.md +67 -29
  133. package/docs/project-knowledge-base/README.md +27 -14
  134. package/docs/project-profiles/native-update-capacitor-update-platform-project-profile-last-updated-2026-05-19.md +81 -0
  135. package/docs/rules-tracker.md +102 -0
  136. package/docs/security/PRE-LAUNCH-PENTEST-CHECKLIST.md +116 -0
  137. package/docs/social-media-marketing/README.md +81 -0
  138. package/docs/social-media-marketing/posts-batch-01.md +613 -0
  139. package/docs/social-media-marketing/posts-batch-02.md +528 -0
  140. package/docs/social-media-marketing/whatsapp-messages-batch-01.md +458 -0
  141. package/docs/social-media-marketing/whatsapp-status-batch-01.md +355 -0
  142. package/docs/tracking/finalization-2026-05-16-tracker.json +346 -0
  143. package/docs/tracking/full-audit-tracker.json +121 -0
  144. package/docs/tracking/production-readiness-audit-tracker.json +429 -0
  145. package/ios/Plugin/BackgroundUpdate/BackgroundUpdatePlugin.swift +16 -3
  146. package/ios/Plugin/LiveUpdate/LiveUpdatePlugin.swift +71 -47
  147. package/ios/Plugin/NativeUpdatePlugin.swift +14 -9
  148. package/package.json +29 -29
  149. package/cli/node_modules/.yarn-integrity +0 -16
  150. package/cli/node_modules/commander/LICENSE +0 -22
  151. package/cli/node_modules/commander/Readme.md +0 -1148
  152. package/cli/node_modules/commander/esm.mjs +0 -16
  153. package/cli/node_modules/commander/index.js +0 -26
  154. package/cli/node_modules/commander/lib/argument.js +0 -145
  155. package/cli/node_modules/commander/lib/command.js +0 -2179
  156. package/cli/node_modules/commander/lib/error.js +0 -43
  157. package/cli/node_modules/commander/lib/help.js +0 -462
  158. package/cli/node_modules/commander/lib/option.js +0 -329
  159. package/cli/node_modules/commander/lib/suggestSimilar.js +0 -100
  160. package/cli/node_modules/commander/package-support.json +0 -16
  161. package/cli/node_modules/commander/package.json +0 -80
  162. package/cli/node_modules/commander/typings/esm.d.mts +0 -3
  163. package/cli/node_modules/commander/typings/index.d.ts +0 -884
  164. package/cli/yarn.lock +0 -8
  165. package/dist/esm/__tests__/bundle-manager.test.d.ts +0 -1
  166. package/dist/esm/__tests__/bundle-manager.test.js +0 -151
  167. package/dist/esm/__tests__/bundle-manager.test.js.map +0 -1
  168. package/dist/esm/__tests__/config.test.d.ts +0 -1
  169. package/dist/esm/__tests__/config.test.js +0 -70
  170. package/dist/esm/__tests__/config.test.js.map +0 -1
  171. package/dist/esm/__tests__/delta-processor.test.d.ts +0 -1
  172. package/dist/esm/__tests__/delta-processor.test.js +0 -77
  173. package/dist/esm/__tests__/delta-processor.test.js.map +0 -1
  174. package/dist/esm/__tests__/firestore-schema.test.d.ts +0 -1
  175. package/dist/esm/__tests__/firestore-schema.test.js +0 -74
  176. package/dist/esm/__tests__/firestore-schema.test.js.map +0 -1
  177. package/dist/esm/__tests__/integration.test.d.ts +0 -1
  178. package/dist/esm/__tests__/integration.test.js +0 -78
  179. package/dist/esm/__tests__/integration.test.js.map +0 -1
  180. package/dist/esm/__tests__/manifest-reader.test.d.ts +0 -1
  181. package/dist/esm/__tests__/manifest-reader.test.js +0 -271
  182. package/dist/esm/__tests__/manifest-reader.test.js.map +0 -1
  183. package/dist/esm/__tests__/rollout-checker.test.d.ts +0 -1
  184. package/dist/esm/__tests__/rollout-checker.test.js +0 -210
  185. package/dist/esm/__tests__/rollout-checker.test.js.map +0 -1
  186. package/dist/esm/__tests__/security-enforcement.test.d.ts +0 -1
  187. package/dist/esm/__tests__/security-enforcement.test.js +0 -95
  188. package/dist/esm/__tests__/security-enforcement.test.js.map +0 -1
  189. package/dist/esm/__tests__/security.test.d.ts +0 -1
  190. package/dist/esm/__tests__/security.test.js +0 -54
  191. package/dist/esm/__tests__/security.test.js.map +0 -1
  192. package/dist/esm/__tests__/version-manager.test.d.ts +0 -1
  193. package/dist/esm/__tests__/version-manager.test.js +0 -45
  194. package/dist/esm/__tests__/version-manager.test.js.map +0 -1
  195. package/dist/esm/app-review/app-review-manager.js.map +0 -1
  196. package/dist/esm/app-review/index.js.map +0 -1
  197. package/dist/esm/app-review/platform-review-handler.js.map +0 -1
  198. package/dist/esm/app-review/review-conditions-checker.js.map +0 -1
  199. package/dist/esm/app-review/review-rate-limiter.js.map +0 -1
  200. package/dist/esm/app-review/types.js.map +0 -1
  201. package/dist/esm/app-update/app-update-checker.js.map +0 -1
  202. package/dist/esm/app-update/app-update-installer.js.map +0 -1
  203. package/dist/esm/app-update/app-update-manager.js.map +0 -1
  204. package/dist/esm/app-update/app-update-notifier.js.map +0 -1
  205. package/dist/esm/app-update/index.js.map +0 -1
  206. package/dist/esm/app-update/platform-app-update.js.map +0 -1
  207. package/dist/esm/app-update/types.js.map +0 -1
  208. package/dist/esm/background-update/background-scheduler.js.map +0 -1
  209. package/dist/esm/background-update/index.js.map +0 -1
  210. package/dist/esm/background-update/notification-manager.js.map +0 -1
  211. package/dist/esm/config/support.js.map +0 -1
  212. package/dist/esm/core/analytics.js.map +0 -1
  213. package/dist/esm/core/cache-manager.js.map +0 -1
  214. package/dist/esm/core/config.js.map +0 -1
  215. package/dist/esm/core/errors.js.map +0 -1
  216. package/dist/esm/core/event-emitter.js.map +0 -1
  217. package/dist/esm/core/logger.js.map +0 -1
  218. package/dist/esm/core/performance.js.map +0 -1
  219. package/dist/esm/core/plugin-manager.js.map +0 -1
  220. package/dist/esm/core/security.js.map +0 -1
  221. package/dist/esm/definitions.js.map +0 -1
  222. package/dist/esm/firestore/firestore-client.d.ts +0 -109
  223. package/dist/esm/firestore/firestore-client.js +0 -264
  224. package/dist/esm/firestore/firestore-client.js.map +0 -1
  225. package/dist/esm/firestore/index.d.ts +0 -11
  226. package/dist/esm/firestore/index.js +0 -11
  227. package/dist/esm/firestore/index.js.map +0 -1
  228. package/dist/esm/firestore/manifest-reader.d.ts +0 -87
  229. package/dist/esm/firestore/manifest-reader.js +0 -294
  230. package/dist/esm/firestore/manifest-reader.js.map +0 -1
  231. package/dist/esm/firestore/schema.d.ts +0 -507
  232. package/dist/esm/firestore/schema.js +0 -73
  233. package/dist/esm/firestore/schema.js.map +0 -1
  234. package/dist/esm/index.js.map +0 -1
  235. package/dist/esm/live-update/bundle-manager.js.map +0 -1
  236. package/dist/esm/live-update/certificate-pinning.js.map +0 -1
  237. package/dist/esm/live-update/delta-processor.js.map +0 -1
  238. package/dist/esm/live-update/download-manager.js.map +0 -1
  239. package/dist/esm/live-update/rollout-checker.js.map +0 -1
  240. package/dist/esm/live-update/update-manager.js.map +0 -1
  241. package/dist/esm/live-update/version-manager.js.map +0 -1
  242. package/dist/esm/plugin.js.map +0 -1
  243. package/dist/esm/security/crypto.js.map +0 -1
  244. package/dist/esm/security/validator.js.map +0 -1
  245. package/dist/esm/web.js.map +0 -1
  246. package/dist/plugin.cjs.js.map +0 -1
  247. package/dist/plugin.esm.js.map +0 -1
  248. package/dist/plugin.js.map +0 -1
  249. package/docs/FIREBASE_INTEGRATION_TRACKER.md +0 -321
  250. package/docs/FIREBASE_QUERIES_AND_INDEXES_AUDIT.md +0 -221
  251. package/docs/examples/firebase-backend-example.md +0 -27
  252. package/docs/features/laravel-nova-backend/credentials.ignore.md +0 -34
  253. package/docs/guides/no-cost-backend-implementation-plan.md +0 -77
  254. package/docs/guides/no-cost-firestore-google-drive-backend.md +0 -60
  255. package/docs/project-profiles/native-update-capacitor-update-platform-project-profile-last-updated-2026-03-16.md +0 -454
  256. package/docs/project-profiles/native-update-capacitor-update-platform-project-profile-last-updated-2026-03-24.md +0 -66
  257. package/docs/project-profiles/native-update-capacitor-update-platform-project-profile-last-updated-2026-03-25.md +0 -67
  258. /package/docs/{MARKETING_WEBSITE_PLAN.md → archive/MARKETING_WEBSITE_PLAN.md} +0 -0
package/docs/ROADMAP.md CHANGED
@@ -1,15 +1,15 @@
1
- # Capacitor Native Update - Development Roadmap
1
+ # Capacitor Native Update Development Roadmap
2
2
 
3
- **Last Updated:** 2026-01-16
4
- **Status:** ✅ PRODUCTION READY (Core Features Complete)
3
+ **Last Updated:** 2026-05-18
4
+ **Status:** ✅ Production Ready — Play-Store-publishable end-to-end (finalization audit closed 2026-05-16; cooldown until 2026-05-23)
5
5
 
6
- This document outlines the development phases and their completion status.
6
+ This document outlines the development phases and their completion status. For the authoritative timeline of who-shipped-what-when, see the root `CLAUDE.md` Audit Record + `docs/CHANGELOG.md`.
7
7
 
8
8
  ---
9
9
 
10
10
  ## ✅ Current Status: Production Ready
11
11
 
12
- The plugin provides complete OTA update functionality with native implementations for iOS and Android, comprehensive documentation, example applications, and developer tools.
12
+ The plugin provides complete OTA update functionality with native implementations for iOS and Android, a Laravel 13 + Nova 5 SaaS backend with Sanctum-token auth + Spatie RBAC, comprehensive documentation (including a public Docusaurus docs site with 58 pages), example applications, CLI release-management tooling, and a Capacitor-wrapped React dashboard that is Play-Store-publishable end-to-end.
13
13
 
14
14
  ---
15
15
 
@@ -18,157 +18,233 @@ The plugin provides complete OTA update functionality with native implementation
18
18
  ### 1. Backend Infrastructure ✅ COMPLETE
19
19
 
20
20
  #### Update Server
21
- - [x] REST API endpoints for update management (Firebase Functions)
21
+
22
+ - [x] Laravel 13 + Nova 5 SaaS backend (`backend/` — the only backend after v3.0.0)
23
+ - [x] REST API endpoints for update management (`/api/dashboard/*` for the dashboard, `/api/v1/*` for the mobile plane)
22
24
  - [x] Version management system
23
- - [x] Bundle storage and retrieval (Google Drive integration)
25
+ - [x] Bundle storage and retrieval (Google Drive via server-side OAuth)
24
26
  - [x] Update manifest generation
25
27
  - [x] Channel management (production, staging, development)
26
28
  - [x] Analytics endpoints
29
+ - [x] Rollout config (percentage + pause/resume + targetSegments JSON) on the `builds` table
30
+ - [x] FormRequest validators on every mutating endpoint
31
+ - [x] env-driven CORS allowlist
32
+ - [x] PayPal webhook + Stripe subscription model
33
+
34
+ #### Auth + Identity
35
+
36
+ - [x] Laravel Socialite (Google OAuth) — only sign-in method
37
+ - [x] Sanctum personal access tokens (default 7-day TTL; configurable via `SANCTUM_TOKEN_EXPIRATION`)
38
+ - [x] `spatie/laravel-permission` RBAC with `super-admin`, `admin`, `user` roles
39
+ - [x] Per-route `can:<permission>` middleware on every dashboard/admin endpoint
40
+ - [x] `Gate::before` super-admin bypass
41
+ - [x] `php artisan native-update:role-assign <email> <role>` command for ops-driven role changes
42
+ - [x] Per-app `ValidateApiKey` middleware for the mobile `/api/v1/*` plane (separate from Sanctum)
27
43
 
28
44
  #### Security Infrastructure
45
+
29
46
  - [x] Bundle signing service (CLI tools)
30
- - [x] Public/private key generation
47
+ - [x] Public/private key generation (RSA-2048 / RSA-4096 / EC P-256 / EC P-384)
31
48
  - [x] Checksum generation (SHA-256)
32
- - [x] Signature verification
49
+ - [x] Signature verification (RSA-SHA256 / ECDSA)
50
+ - [x] Encrypted Drive OAuth token storage (Laravel encrypter)
51
+ - [x] Hashed-at-rest Sanctum tokens
33
52
 
34
53
  #### Example Backends
54
+
35
55
  - [x] Node.js + Express example (`example-apps/node-express/`)
36
- - [x] Firebase Cloud Functions example (`example-apps/firebase-backend/`)
37
56
  - [x] Google Drive integration for storage
38
57
 
58
+ (Note: `example-apps/firebase-backend/` was removed in v3.0.0; the project no longer carries a Firebase backend example.)
59
+
39
60
  ### 2. Native Platform Implementation ✅ COMPLETE
40
61
 
41
62
  #### iOS (Swift)
42
- - [x] NativeUpdatePlugin.swift - Main plugin
43
- - [x] LiveUpdatePlugin.swift - OTA updates
44
- - [x] BundleManager.swift - Bundle management
45
- - [x] AppUpdatePlugin.swift - App store updates
46
- - [x] AppReviewPlugin.swift - In-app reviews
47
- - [x] BackgroundUpdatePlugin.swift - Background updates
48
- - [x] SecurityManager.swift - Security utilities
63
+
64
+ - [x] NativeUpdatePlugin.swift Main plugin
65
+ - [x] LiveUpdatePlugin.swift OTA updates
66
+ - [x] BundleManager (bundle handling)
67
+ - [x] AppUpdatePlugin.swift App store updates
68
+ - [x] AppReviewPlugin.swift — In-app reviews (`SKStoreReviewController`)
69
+ - [x] BackgroundUpdatePlugin.swift Background updates (BGTaskScheduler)
70
+ - [x] SecurityManager.swift — Security utilities
49
71
 
50
72
  #### Android (Kotlin)
51
- - [x] NativeUpdatePlugin.kt - Main plugin
52
- - [x] LiveUpdatePlugin.kt - OTA updates
53
- - [x] BundleManager.kt - Bundle management
54
- - [x] AppUpdatePlugin.kt - Play Store updates (Play Core Library)
55
- - [x] AppReviewPlugin.kt - In-app reviews
56
- - [x] BackgroundUpdatePlugin.kt - Background updates
57
- - [x] SecurityManager.kt - Security utilities
73
+
74
+ - [x] NativeUpdatePlugin.kt Main plugin
75
+ - [x] LiveUpdatePlugin.kt OTA updates
76
+ - [x] BundleManager (bundle handling)
77
+ - [x] AppUpdatePlugin.kt Play Store updates (Play Core Library)
78
+ - [x] AppReviewPlugin.kt — In-app reviews (Play Review)
79
+ - [x] BackgroundUpdatePlugin.kt Background updates (WorkManager)
80
+ - [x] SecurityManager.kt — Security utilities
58
81
 
59
82
  ### 3. TypeScript Implementation ✅ COMPLETE
60
83
 
61
84
  - [x] Plugin definitions and interfaces
62
85
  - [x] Web implementation
63
- - [x] Live update module (7 files)
64
- - [x] App update module (7 files)
65
- - [x] App review module (6 files)
66
- - [x] Background update module (3 files)
67
- - [x] Core infrastructure (9 files)
68
- - [x] Security module (2 files)
69
- - [x] Firestore integration (4 files)
86
+ - [x] Live update module
87
+ - [x] App update module
88
+ - [x] App review module
89
+ - [x] Background update module
90
+ - [x] Core infrastructure (analytics, cache, config, errors, event-emitter, logger, performance, plugin-manager, security)
91
+ - [x] Security module (crypto, validator)
92
+
93
+ (Note: `src/firestore/` was removed in v3.0.0. The plugin no longer carries any Firestore code; manifest reads happen over plain HTTPS against any user-controlled endpoint.)
70
94
 
71
95
  ### 4. Testing Suite ✅ COMPLETE
72
96
 
73
- #### TypeScript Unit Tests
74
- - [x] Bundle manager tests
75
- - [x] Config tests
76
- - [x] Delta processor tests
77
- - [x] Firestore schema tests
78
- - [x] Manifest reader tests
79
- - [x] Rollout checker tests
80
- - [x] Security tests
81
- - [x] Version manager tests
82
- - [x] Integration tests
83
-
84
- #### iOS Native Tests (XCTest) ✅ IMPLEMENTED
85
- - [x] SecurityManagerTests.swift (6 tests)
86
- - [x] LiveUpdateTests.swift (10 tests)
87
- - [x] AppUpdateTests.swift (5 tests)
88
- - [x] AppReviewTests.swift (5 tests)
89
- - [x] BackgroundUpdateTests.swift (6 tests)
90
-
91
- #### Android Native Tests (JUnit/Kotlin) ✅ IMPLEMENTED
92
- - [x] SecurityManagerTest.kt (10 tests)
93
- - [x] LiveUpdatePluginTest.kt (10 tests)
94
- - [x] AppUpdatePluginTest.kt (5 tests)
95
- - [x] AppReviewPluginTest.kt (5 tests)
96
- - [x] BackgroundUpdateWorkerTest.kt (5 tests)
97
- - [x] BackgroundNotificationManagerTest.kt (5 tests)
98
-
99
- #### E2E Tests (Detox) ✅ IMPLEMENTED
100
- - [x] Complete update lifecycle (ota-update.e2e.spec.js)
101
- - [x] Download progress tracking (download-progress.e2e.spec.js)
102
- - [x] Channel switching (channel-switching.e2e.spec.js)
103
- - [x] Error handling (error-handling.e2e.spec.js)
97
+ #### Backend Tests (Laravel)
98
+
99
+ - [x] OAuth + Socialite flow
100
+ - [x] Sanctum token issuance + middleware
101
+ - [x] Spatie permission seeder + role assignment
102
+ - [x] UpdateBuildRequest FormRequest validation
103
+ - [x] PayPal webhook (4 cases)
104
+ - [x] BundleUploadTest (7 cases)
105
+ - [x] UserLicenseTest (5 cases)
106
+ - **Total: 136/136 passing** (Pest/PHPUnit)
107
+
108
+ #### iOS Native Tests (XCTest) ✅
109
+
110
+ - [x] SecurityManagerTests.swift
111
+ - [x] LiveUpdateTests.swift
112
+ - [x] AppUpdateTests.swift
113
+ - [x] AppReviewTests.swift
114
+ - [x] BackgroundUpdateTests.swift
115
+
116
+ #### Android Native Tests (JUnit/Kotlin)
117
+
118
+ - [x] SecurityManagerTest.kt
119
+ - [x] LiveUpdatePluginTest.kt
120
+ - [x] AppUpdatePluginTest.kt
121
+ - [x] AppReviewPluginTest.kt
122
+ - [x] BackgroundUpdateWorkerTest.kt
123
+ - [x] BackgroundNotificationManagerTest.kt
104
124
 
105
125
  ### 5. Tooling and Utilities ✅ COMPLETE
106
126
 
107
127
  #### CLI Package (8 Commands)
108
- - [x] `init` - Initialize a new project
109
- - [x] `bundle-create` - Create update bundles
110
- - [x] `bundle-sign` - Sign bundles cryptographically
111
- - [x] `bundle-verify` - Verify bundle signatures
112
- - [x] `keys-generate` - Generate RSA/ECDSA keys
113
- - [x] `backend-create` - Scaffold backend server
114
- - [x] `server-start` - Run local update server
115
- - [x] `monitor` - Monitor update deployments
128
+
129
+ - [x] `init` Initialize a new project
130
+ - [x] `bundle-create` Create update bundles
131
+ - [x] `bundle-sign` Sign bundles cryptographically
132
+ - [x] `bundle-verify` Verify bundle signatures
133
+ - [x] `keys-generate` Generate RSA / ECDSA keypairs
134
+ - [x] `backend-create` Scaffold backend server (with `TODO[SCAFFOLD-IMPLEMENT-BEFORE-DEPLOY]` markers)
135
+ - [x] `server-start` Run local update server
136
+ - [x] `monitor` — Monitor update deployments (interval+spinner cleanup, signal handlers, failure bail)
116
137
 
117
138
  #### Developer Tools
139
+
118
140
  - [x] Local testing server
119
141
  - [x] Bundle creator utility
120
142
  - [x] Bundle signer utility
121
143
 
122
144
  ### 6. Documentation ✅ COMPLETE
123
145
 
124
- - [x] API documentation (7 files in `/docs/api/`)
125
- - [x] Feature guides (3 files in `/docs/features/`)
126
- - [x] Getting started guides (3 files)
127
- - [x] Developer guides (5 files)
128
- - [x] Examples (2 files)
129
- - [x] Security documentation
130
- - [x] Migration guide
146
+ - [x] API documentation (`docs/api/`)
147
+ - [x] Feature guides (`docs/features/`)
148
+ - [x] Getting started guides (`docs/getting-started/`)
149
+ - [x] Developer guides (`docs/guides/`)
150
+ - [x] Examples (`docs/examples/`)
151
+ - [x] Security documentation + PRE-LAUNCH-PENTEST-CHECKLIST
152
+ - [x] Migration guide (v2 → v3.0.0 + 2026-05-11 auth-swap notes)
131
153
  - [x] Changelog
132
154
  - [x] Known limitations
133
-
134
- ### 7. Marketing Website ✅ COMPLETE
135
-
136
- - [x] 24 pages (marketing + dashboard)
137
- - [x] User authentication (Firebase + Google)
138
- - [x] Dashboard with app management
139
- - [x] Build upload and management
140
- - [x] Google Drive integration
141
- - [x] Analytics visualization
155
+ - [x] **Public Docusaurus docs site** (sibling repo `native-update-docs`, Firebase Hosting, 58 Diátaxis-organized pages, ~76k words, 30+ AI-bot allowlist + llms.txt + JSON-LD)
156
+
157
+ ### 7. Marketing Website + Dashboard ✅ COMPLETE
158
+
159
+ - [x] React 19 + Vite 7 + Tailwind v4 + TanStack Query + Radix primitives
160
+ - [x] Public marketing pages (Home, Features 1956 words, Pricing 1897 words, About 1913 words, Docs, Examples, Contact)
161
+ - [x] Authenticated dashboard (Apps, Builds, Upload, Drive, Config, Settings, Rollouts, Analytics)
162
+ - [x] Admin pages (Overview, Users, Apps, Builds) with Spatie permission gates
163
+ - [x] User authentication via Laravel Socialite + Sanctum (Firebase Auth removed 2026-05-11)
164
+ - [x] Build upload and management (multipart → Laravel → Drive)
165
+ - [x] Google Drive connect/disconnect (server-side OAuth)
166
+ - [x] Analytics visualization (D3-based; pulls aggregates from `/api/dashboard/analytics`)
142
167
  - [x] Configuration generator
143
- - [x] All legal pages (Privacy, Terms, Security, Cookies, Data Deletion)
168
+ - [x] All legal pages (Privacy, Terms, Security, Cookies, Data Deletion) rewritten for the Sanctum stack
169
+ - [x] SEO/AEO discovery files: robots.txt with 30+ AI bots, sitemap.xml, sitemap-index.json, feed.xml, llms.txt, llms-full.txt, ai.txt, humans.txt, security.txt, machine-readable pricing.md
170
+ - [x] Per-route static HTML prerender + per-route JSON-LD
171
+ - [x] Capacitor-wrapped for Play Store distribution (Android release readiness closed 2026-05-16)
144
172
 
145
173
  ### 8. Example Applications ✅ COMPLETE
146
174
 
147
- - [x] React + Capacitor frontend (`example-apps/react-capacitor/`)
148
- - [x] Node.js + Express backend (`example-apps/node-express/`)
149
- - [x] Firebase Cloud Functions (`example-apps/firebase-backend/`)
175
+ - [x] React + Capacitor frontend (`example-apps/react-capacitor/`) — with capability cards for app-update / app-review / background-update; React 18 (stable downstream target)
176
+ - [x] Node.js + Express backend (`example-apps/node-express/`) — minimal manifest-endpoint reference
177
+
178
+ ### 9. CI/CD ✅ COMPLETE
179
+
180
+ - [x] `.github/workflows/ci.yml` — yarn-based CI on PRs (corepack + node 20 + yarn 4)
181
+ - [x] `.github/workflows/release.yml` — tag-driven npm publish (with provenance) + GitHub Release
182
+ - [x] `.github/workflows/example-bundle.yml` — release+manual+weekly-cron build of the example app, signed, attached to GitHub Release (ephemeral-key fallback when secret absent)
183
+
184
+ ### 10. Android Release Readiness ✅ COMPLETE (2026-05-16)
185
+
186
+ - [x] `signingConfigs.release` wired from env vars
187
+ - [x] ProGuard / R8 enabled with Capacitor-aware rules
188
+ - [x] `network_security_config.xml` (HTTPS-only outside debug; localhost cleartext exception for dev)
189
+ - [x] Branded launcher icons (15 PNGs across all densities + adaptive icons)
190
+ - [x] Branded splash assets (11 PNGs)
191
+ - [x] 3 Play Store graphics (feature graphic, promo graphic, TV banner) rendered from SVG via rsvg-convert
192
+ - [x] 10-section `docs/deployment/BUILD_FOR_PLAY_STORE.md` runbook
193
+ - [x] `screenshots/CAPTURE-GUIDE.md`
194
+ - [x] Play Store `full-description.md` + `data-safety.md` rewritten for the Sanctum stack
195
+ - [x] Unverifiable SOC / ISO / SLA claims removed from SecurityPage
150
196
 
151
197
  ---
152
198
 
153
199
  ## 🎯 Future Enhancement Phases
154
200
 
155
- ### ~~Phase 1: Advanced Testing~~ ✅ COMPLETE (2026-01-16)
156
- - [x] iOS XCTest implementation - 5 files, 32 tests
157
- - [x] Android JUnit tests - 6 files, 40 tests
158
- - [x] E2E test suite with Detox - 4 specs, 19 tests
201
+ ### ~~Phase 1: Advanced Testing~~ ✅ COMPLETE (2026-01-16 → 2026-05-11)
202
+
203
+ - [x] iOS XCTest implementation
204
+ - [x] Android JUnit tests
205
+ - [x] E2E test suite with Detox
206
+ - [x] Backend Pest/PHPUnit test suite (added 2026-05-08 → 2026-05-11)
207
+ - [x] Microbenchmark scaffold for security hot paths (added 2026-05-11)
208
+
209
+ ### ~~Phase 2: CI/CD~~ ✅ COMPLETE (2026-05-08 → 2026-05-11)
210
+
211
+ - [x] GitHub Actions CI (`.github/workflows/ci.yml`)
212
+ - [x] GitHub Actions release pipeline (`.github/workflows/release.yml`)
213
+ - [x] GitHub Actions example-bundle pipeline (`.github/workflows/example-bundle.yml`)
214
+
215
+ ### ~~Phase 3: Public Docs Site~~ ✅ COMPLETE (2026-05-11)
159
216
 
160
- ### Phase 2: Enterprise Features (Optional)
161
- - [ ] Delta updates WASM optimization
162
- - [ ] Multi-tenant SaaS platform
163
- - [ ] Enterprise SSO integration
164
- - [ ] Advanced rollout strategies
217
+ - [x] Docusaurus public docs site at sibling repo `native-update-docs`
218
+ - [x] 58 Diátaxis-organized pages, ~76k words
219
+ - [x] Firebase Hosting deployed (custom domain ready)
220
+ - [x] 7 discovery files (robots / llms / llms-full / humans / security / sitemap-index / sitemap)
221
+ - [x] 3 JSON-LD blocks per page
222
+
223
+ ### ~~Phase 4: Android Play Store Readiness~~ ✅ COMPLETE (2026-05-16)
224
+
225
+ (See "Android Release Readiness" section above.)
226
+
227
+ ### Phase 5: Enterprise Features (Optional, future)
228
+
229
+ - [ ] Delta updates WASM optimization (placeholder exists)
165
230
  - [ ] A/B testing support
231
+ - [ ] Multi-tenant SaaS hardening (sub-team / org accounts / shared ownership)
232
+ - [ ] Enterprise SSO integration (SAML / OIDC beyond Google)
233
+ - [ ] Custom branding for white-label SaaS
234
+ - [ ] SLA monitoring + uptime page
235
+ - [ ] Audit-logging UI surfaces on top of existing `analytics_events` data
236
+
237
+ ### Phase 6: Community / Ecosystem (Optional, future)
166
238
 
167
- ### Phase 3: Community Features (Optional)
168
239
  - [ ] Video tutorials
169
- - [ ] Additional framework examples (Vue, Angular)
170
- - [ ] CI/CD integration templates
171
- - [ ] Community plugins
240
+ - [ ] Wikipedia / Reddit / Product Hunt / AlternativeTo / G2 / Capterra presence (AI-citation reach)
241
+ - [ ] Additional framework examples (Vue, Angular, Svelte)
242
+ - [ ] Additional backend examples (Python, Java)
243
+ - [ ] Community plugins directory
244
+
245
+ ### Phase 7: Internal Refactors (Optional, future)
246
+
247
+ - [ ] `website/src/pages/DocsPage.tsx` — 1,406-line file (workspace 500-line max). Multi-session refactor into per-feature sub-components.
172
248
 
173
249
  ---
174
250
 
@@ -176,40 +252,44 @@ The plugin provides complete OTA update functionality with native implementation
176
252
 
177
253
  | Category | Status | Progress |
178
254
  |----------|--------|----------|
179
- | Backend Infrastructure | ✅ Complete | 100% |
255
+ | Backend Infrastructure (Laravel + Nova + Sanctum + Spatie) | ✅ Complete | 100% |
180
256
  | iOS Native Implementation | ✅ Complete | 100% |
181
257
  | Android Native Implementation | ✅ Complete | 100% |
182
258
  | TypeScript Implementation | ✅ Complete | 100% |
183
259
  | CLI Tools | ✅ Complete | 100% |
184
- | Documentation | ✅ Complete | 100% |
185
- | Marketing Website | ✅ Complete | 100% |
260
+ | Documentation (repo + public Docusaurus) | ✅ Complete | 100% |
261
+ | Marketing Website + Dashboard | ✅ Complete | 100% |
186
262
  | Example Applications | ✅ Complete | 100% |
187
- | TypeScript Unit Tests | ✅ Complete | 100% |
263
+ | Backend Pest Tests | ✅ Complete | 100% (136/136) |
188
264
  | iOS Native Tests (XCTest) | ✅ Complete | 100% |
189
265
  | Android Native Tests (JUnit) | ✅ Complete | 100% |
190
- | E2E Tests (Detox) | ✅ Complete | 100% |
266
+ | CI/CD | ✅ Complete | 100% |
267
+ | Android Release Readiness | ✅ Complete | 100% |
268
+ | Enterprise Features (Phase 5) | ⏳ Optional | 0% |
269
+ | Community / Ecosystem (Phase 6) | ⏳ Optional | 0% |
191
270
 
192
- **Overall Status:** Production Ready with Comprehensive Test Coverage
271
+ **Overall Status:** Production Ready, Play-Store-publishable end-to-end, with backend Pest + iOS XCTest + Android JUnit test layers passing.
193
272
 
194
273
  ---
195
274
 
196
275
  ## 📝 Notes
197
276
 
198
- - Core plugin functionality is complete and tested
199
- - Native tests are fully implemented (iOS XCTest, Android JUnit)
200
- - E2E tests are implemented with Detox framework
201
- - All builds pass with zero errors
202
- - All lint checks pass with zero warnings
203
- - Comprehensive test coverage with ~121 tests across all categories
277
+ - v3.0.0 (2026-05-04) removed Firestore from the plugin SDK + website; Laravel HTTP is the only backend.
278
+ - 2026-05-11 swapped Firebase Auth for Laravel Socialite + Sanctum + Spatie RBAC.
279
+ - 2026-05-16 closed the finalization audit (10 batches) making the Capacitor-wrapped dashboard Play-Store-publishable end-to-end.
280
+ - All builds pass with zero errors (`yarn build` root + website + Docusaurus).
281
+ - All lint checks pass with zero warnings.
282
+ - Audit cooldown until 2026-05-23 (7-day cooldown after finalization audit closure).
204
283
 
205
284
  ---
206
285
 
207
286
  ## 🤝 Contributing
208
287
 
209
- We welcome contributions! Focus areas:
210
- - Additional backend examples
211
- - Framework-specific adapters
212
- - Enterprise feature development
213
- - Delta updates optimization
288
+ Contributions welcome. Focus areas:
289
+
290
+ - Delta updates WASM optimization (Phase 5)
291
+ - Additional backend examples in other languages (Phase 6)
292
+ - Framework-specific adapters (Vue / Angular / Svelte — Phase 6)
293
+ - AI-citation reach: Wikipedia mention, Reddit / Product Hunt presence (Phase 6)
214
294
 
215
295
  See [CONTRIBUTING.md](../CONTRIBUTING.md) for guidelines.
@@ -0,0 +1,232 @@
1
+ # If This Repo Ever Becomes Public — Security Runbook
2
+
3
+ **Status:** Preventive. As of 2026-05-08 the repository is **PRIVATE** by intent.
4
+ The root `.gitignore` explicitly opts to keep `.env` files in git so the team can
5
+ share secrets. If that policy ever changes — open-sourcing the SaaS, splitting
6
+ the dashboard into a separate public repo, accidental leak via a public mirror,
7
+ contractor audit, etc. — work through this runbook in order. Do **not** rely on
8
+ "I'll just delete the file" — git history keeps it forever unless you scrub.
9
+
10
+ > **Trigger phrases that mean "run this runbook":** "make this repo public",
11
+ > "open-source this", "we're forking the dashboard public", "the repo got
12
+ > mirrored", "GitHub flagged a leaked secret", "we leaked X".
13
+
14
+ ---
15
+
16
+ ## Step 0 — Stop and assess (before pushing anything)
17
+
18
+ 1. Is the repo currently public on GitHub or anywhere else? Check
19
+ `gh repo view aoneahsan/native-update --json visibility` and search GitHub
20
+ + GitLab + public mirrors for `aoneahsan/native-update`.
21
+ 2. What is the diff between "what's checked in today" and "what should be
22
+ public"? Run `git ls-files | xargs grep -lE 'AIza|sk_live_|AKIA|-----BEGIN'`
23
+ to list files containing literal secret patterns.
24
+ 3. List every `.env*` file currently tracked:
25
+ ```bash
26
+ git ls-files | grep -E '\.env(\..+)?$|\.pem$|keystores/|keystore\.properties$|\.jks$|\.keystore$'
27
+ ```
28
+ 4. **Decide:** rotate-all-then-publish (safe) or scrub-history-then-publish (faster
29
+ but irreversible). Default: rotate-all. Pick the second only if rotation is
30
+ blocked (live PayPal subscriptions in flight, Google OAuth client in use by
31
+ real users, etc.) — and even then, rotate within the next 30 days.
32
+
33
+ ---
34
+
35
+ ## Step 1 — Rotate every committed secret
36
+
37
+ Treat every secret that has EVER touched git as compromised. Rotate, don't
38
+ re-use. Order: highest-blast-radius first.
39
+
40
+ | Secret | Where it lives | How to rotate |
41
+ |---|---|---|
42
+ | Google OAuth Client Secret | `backend/.env` `GOOGLE_CLIENT_SECRET` | Google Cloud Console → APIs & Services → Credentials → reset client secret. Update on server. Existing Sanctum bearer tokens issued by previous sign-ins keep working until they expire (`SANCTUM_TOKEN_EXPIRATION` minutes); to revoke them all now run `php artisan tinker` then `\App\Models\PersonalAccessToken::truncate()`. |
43
+ | Sanctum personal access tokens | `personal_access_tokens` table | Tokens themselves aren't a config secret, but if you suspect they leaked, mass-revoke: `php artisan tinker` then `\Laravel\Sanctum\PersonalAccessToken::truncate()`. Every user has to sign in again. |
44
+ | Laravel `APP_KEY` | `backend/.env` | `php artisan key:generate --show` → paste into the server's real `.env`. **Important:** changing APP_KEY invalidates all encrypted-cookie sessions and all `encrypted:array` columns (Google Drive OAuth tokens stored on User rows). After rotation, every connected user must reconnect Google Drive. Do this in a maintenance window. |
45
+ | PayPal Live Client Secret | `backend/.env` `PAYPAL_LIVE_CLIENT_SECRET` | developer.paypal.com → My Apps & Credentials → Live → app → Show/regenerate secret. Existing subscriptions keep running on the new credentials. |
46
+ | PayPal Webhook ID | `backend/.env` `PAYPAL_WEBHOOK_ID` | developer.paypal.com → Webhooks → delete the old endpoint, create a new one pointing at the same URL, paste the new `WH-...` id. |
47
+ | FilesHub API key | `backend/.env` `FILESHUB_API_KEY` | fileshub.zaions.com → Account → API keys → revoke + regenerate. Old uploads are still accessible (public URLs) but new uploads will fail until you update the server. |
48
+ | Database password | `backend/.env` `DB_PASSWORD` | Hostinger hPanel (or your DB host) → reset password → update on server. |
49
+ | Mail credentials | `backend/.env` `MAIL_*` | If real credentials are committed, rotate at the mail provider. |
50
+ | Android keystore + key passwords | `keystores/` or `website/android/keystore.properties` | If a keystore is committed, **the app signing identity is compromised**. You cannot rotate this without uploading a new app via Google Play's "Reset upload key" flow, which requires Play Console approval. Avoid committing keystores at all costs — `website/android/keystore.properties` is gitignored by the Batch 8 changes. |
51
+ | Sentry DSN, Amplitude key, Clarity ID, Google Client ID | `website/.env` | These are public-by-design (intended to ship in client JS). No rotation needed. |
52
+
53
+ **Verification after rotation:** every server still works against the new
54
+ secrets BEFORE you scrub history. Don't break prod chasing a clean history.
55
+
56
+ ---
57
+
58
+ ## Step 2 — Add patterns to `.gitignore` (BEFORE step 3)
59
+
60
+ If you scrub history without updating `.gitignore`, the next dev's `.env` will
61
+ get re-committed. Update `.gitignore` first:
62
+
63
+ ```gitignore
64
+ # --- Secrets (added when repo went public on YYYY-MM-DD) -------------------
65
+ .env
66
+ .env.*
67
+ !.env.example
68
+ !.env.test.example
69
+
70
+ backend/.env
71
+ backend/.env.*
72
+ !backend/.env.example
73
+
74
+ website/.env
75
+ website/.env.*
76
+ !website/.env.example
77
+
78
+ backend/storage/oauth-private-key.pem
79
+ backend/storage/app.key
80
+
81
+ # Android signing material
82
+ android/key.properties
83
+ android/app/keystore/
84
+ keystores/
85
+ *.jks
86
+ *.keystore
87
+
88
+ # iOS signing material
89
+ ios/Plugin/PrivateKey.p8
90
+ *.p12
91
+
92
+ # RSA / ECDSA private keys for plugin bundle signing
93
+ *-private.pem
94
+ *.p8
95
+ ```
96
+
97
+ Then **remove the explicit "we keep .env in git" note** from the top of
98
+ `.gitignore`.
99
+
100
+ Commit this change in a single, isolated commit so the history shows the policy
101
+ shift cleanly:
102
+ ```bash
103
+ git add .gitignore
104
+ git commit -m "chore(security): exclude .env files in preparation for public repo"
105
+ ```
106
+
107
+ ---
108
+
109
+ ## Step 3 — Scrub git history
110
+
111
+ Pick **one** tool. Do this on a fresh local clone, push to a new repo or
112
+ force-push to the same one once verified.
113
+
114
+ ### Option A — `git filter-repo` (recommended)
115
+
116
+ ```bash
117
+ # Install: https://github.com/newren/git-filter-repo
118
+ pip install git-filter-repo
119
+
120
+ # Fresh clone — destructive, do not work on your daily clone
121
+ git clone --mirror git@github.com:aoneahsan/native-update.git native-update-scrub.git
122
+ cd native-update-scrub.git
123
+
124
+ # Remove tracked secret files from all history
125
+ git filter-repo \
126
+ --invert-paths \
127
+ --path .env \
128
+ --path backend/.env \
129
+ --path website/.env \
130
+ --path website/android/keystore.properties
131
+
132
+ # If specific strings (a leaked AKIA key, a hardcoded Sanctum token, an
133
+ # OAuth client secret literal) need to be redacted:
134
+ echo 'sk_live_0123456789012345678901==>REDACTED' > /tmp/replace.txt
135
+ git filter-repo --replace-text /tmp/replace.txt
136
+
137
+ # Verify locally before pushing
138
+ git log --all --full-history -- .env
139
+
140
+ # Force-push the rewritten history
141
+ git push --force --all
142
+ git push --force --tags
143
+ ```
144
+
145
+ ### Option B — `bfg-repo-cleaner`
146
+
147
+ ```bash
148
+ brew install bfg
149
+ git clone --mirror git@github.com:aoneahsan/native-update.git native-update-scrub.git
150
+ cd native-update-scrub.git
151
+ bfg --delete-files '.env'
152
+ bfg --delete-files 'keystore.properties'
153
+ bfg --replace-text /tmp/replace.txt
154
+ git reflog expire --expire=now --all && git gc --prune=now --aggressive
155
+ git push --force
156
+ ```
157
+
158
+ **After force-push:**
159
+ - Tell every collaborator to re-clone. Their old local clones still contain the
160
+ secrets.
161
+ - GitHub caches forks + refs for ~30 days. Open a support ticket asking for a
162
+ cache purge if the leaked secret has not been rotated yet (it shouldn't —
163
+ step 1 ran first).
164
+
165
+ ---
166
+
167
+ ## Step 4 — Verify the public-facing tree
168
+
169
+ Before flipping repo visibility (`gh repo edit --visibility public --accept-visibility-change-consequences`):
170
+
171
+ - [ ] `git ls-files | grep -iE '\.env(\..+)?$' | grep -v example` returns
172
+ **empty**.
173
+ - [ ] `git log --all --diff-filter=A --pretty=format: --name-only | sort -u | grep -iE '\.env(\..+)?$|keystore\.properties$|\.jks$|\.keystore$|\.pem$' | grep -v example`
174
+ returns **empty** (after history scrub).
175
+ - [ ] `git ls-files | xargs grep -lE 'AIza[0-9A-Za-z_-]{35}|AKIA[0-9A-Z]{16}|sk_live_[0-9a-zA-Z]{20,}|-----BEGIN ((RSA |EC )?PRIVATE KEY|OPENSSH PRIVATE KEY)-----'`
176
+ returns **empty or only fake/demo strings**.
177
+ - [ ] `gh secret-scanning alerts list` (after pushing) shows no critical alerts.
178
+ - [ ] All `[REQUIRED]` secrets in `.env.example` are blank in the example file.
179
+ - [ ] `LICENSE` exists and matches the project license everyone expects.
180
+ - [ ] `SECURITY.md` exists with a security-contact email and a vulnerability
181
+ disclosure policy. Add one if missing.
182
+ - [ ] Backend `config/cors.php` `allowed_origins` is locked to production
183
+ domains; CORS fallback in dev does not expose anything sensitive.
184
+ - [ ] Backend route gates are correct: every `/api/dashboard/*` route has
185
+ `auth:sanctum` middleware AND a `can:<permission>` gate (see
186
+ `backend/routes/api.php`). `/api/admin/*` additionally has the
187
+ `RequireAdmin` middleware. `/api/v1/*` (device endpoints) uses
188
+ `ValidateApiKey`, not Sanctum.
189
+ - [ ] Sample data in seeders / fixtures contains no real user PII.
190
+ - [ ] Internal-only docs (work-history with personal context, vendor-private
191
+ notes) moved to a private folder NOT shipped with the public repo, OR
192
+ sanitized.
193
+
194
+ ---
195
+
196
+ ## Step 5 — Flip visibility + monitor
197
+
198
+ ```bash
199
+ gh repo edit aoneahsan/native-update --visibility public --accept-visibility-change-consequences
200
+ ```
201
+
202
+ Then:
203
+
204
+ - Enable **Push protection** for secrets: GitHub repo → Settings → Code
205
+ security → Secret scanning → Push protection → Enable.
206
+ - Enable **Dependency review** in PRs.
207
+ - Enable **Dependabot** alerts + security updates.
208
+ - Subscribe a security inbox to the `gh secret-scanning alerts` webhook.
209
+ - Watch for the next 30 days: search GitHub for the names of the rotated
210
+ secrets to confirm no copy is sitting in someone's fork or gist.
211
+
212
+ ---
213
+
214
+ ## What this runbook does NOT cover
215
+
216
+ - **License changes.** Going public may require relicensing (especially for
217
+ any vendored code that was MIT-OK in private but needs explicit attribution
218
+ in public). Run `npx license-checker --production` and audit before
219
+ publishing.
220
+ - **Trademark + branding.** "Native Update", logos, and visual assets — confirm
221
+ you can publish them under MIT.
222
+ - **GDPR / contractual obligations.** If user emails or any analytics data sit
223
+ in fixtures or test snapshots, scrub or anonymize before publishing.
224
+ - **PR access policy.** Decide upfront: do you accept public PRs? CONTRIBUTING.md
225
+ needs a review-ladder section.
226
+
227
+ ---
228
+
229
+ **Last updated:** 2026-05-08
230
+ **Owner:** Ahsan Mahmood (`aoneahsan@gmail.com`)
231
+ **Companion:** root `.gitignore`, `backend/.env.example`, `website/.env.example`,
232
+ `docs/deployment/PRODUCTION-DEPLOY-CHECKLIST.md`.