native-update 2.0.0 → 3.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (258) hide show
  1. package/Readme.md +28 -14
  2. package/android/manifest-additions.xml +28 -0
  3. package/android/src/main/AndroidManifest.xml +3 -7
  4. package/android/src/main/java/com/aoneahsan/nativeupdate/BackgroundNotificationManager.kt +21 -13
  5. package/android/src/main/java/com/aoneahsan/nativeupdate/LiveUpdatePlugin.kt +196 -29
  6. package/android/src/main/java/com/aoneahsan/nativeupdate/NativeUpdatePlugin.kt +21 -36
  7. package/cli/AGENTS.md +15 -1
  8. package/cli/CLAUDE.md +15 -1
  9. package/cli/commands/backend-create.js +56 -15
  10. package/cli/commands/bundle-create.js +39 -7
  11. package/cli/commands/monitor.js +72 -51
  12. package/cli/index.js +10 -24
  13. package/cli/package.json +11 -3
  14. package/dist/esm/app-review/app-review-manager.js +0 -1
  15. package/dist/esm/app-review/index.js +0 -1
  16. package/dist/esm/app-review/platform-review-handler.js +0 -1
  17. package/dist/esm/app-review/review-conditions-checker.js +0 -1
  18. package/dist/esm/app-review/review-rate-limiter.js +0 -1
  19. package/dist/esm/app-review/types.js +0 -1
  20. package/dist/esm/app-update/app-update-checker.js +0 -1
  21. package/dist/esm/app-update/app-update-installer.d.ts +1 -0
  22. package/dist/esm/app-update/app-update-installer.js +19 -8
  23. package/dist/esm/app-update/app-update-manager.js +0 -1
  24. package/dist/esm/app-update/app-update-notifier.js +0 -1
  25. package/dist/esm/app-update/index.js +0 -1
  26. package/dist/esm/app-update/platform-app-update.js +12 -3
  27. package/dist/esm/app-update/types.js +0 -1
  28. package/dist/esm/background-update/background-scheduler.js +0 -1
  29. package/dist/esm/background-update/index.js +0 -1
  30. package/dist/esm/background-update/notification-manager.js +0 -1
  31. package/dist/esm/config/support.js +0 -1
  32. package/dist/esm/core/analytics.d.ts +13 -0
  33. package/dist/esm/core/analytics.js +15 -1
  34. package/dist/esm/core/cache-manager.js +0 -1
  35. package/dist/esm/core/config.d.ts +0 -15
  36. package/dist/esm/core/config.js +0 -4
  37. package/dist/esm/core/errors.d.ts +1 -0
  38. package/dist/esm/core/errors.js +1 -1
  39. package/dist/esm/core/event-emitter.d.ts +0 -3
  40. package/dist/esm/core/event-emitter.js +8 -3
  41. package/dist/esm/core/logger.js +0 -1
  42. package/dist/esm/core/performance.js +0 -1
  43. package/dist/esm/core/plugin-manager.js +3 -1
  44. package/dist/esm/core/security.d.ts +11 -0
  45. package/dist/esm/core/security.js +27 -1
  46. package/dist/esm/definitions.d.ts +0 -11
  47. package/dist/esm/definitions.js +0 -1
  48. package/dist/esm/index.d.ts +3 -2
  49. package/dist/esm/index.js +3 -1
  50. package/dist/esm/live-update/bundle-manager.d.ts +8 -0
  51. package/dist/esm/live-update/bundle-manager.js +20 -1
  52. package/dist/esm/live-update/certificate-pinning.js +0 -1
  53. package/dist/esm/live-update/delta-processor.d.ts +1 -1
  54. package/dist/esm/live-update/delta-processor.js +3 -1
  55. package/dist/esm/live-update/download-manager.js +9 -2
  56. package/dist/esm/live-update/rollout-checker.d.ts +1 -1
  57. package/dist/esm/live-update/rollout-checker.js +5 -6
  58. package/dist/esm/live-update/update-manager.js +0 -1
  59. package/dist/esm/live-update/version-manager.d.ts +0 -12
  60. package/dist/esm/live-update/version-manager.js +0 -68
  61. package/dist/esm/plugin.js +69 -43
  62. package/dist/esm/security/crypto.js +11 -7
  63. package/dist/esm/security/validator.js +0 -1
  64. package/dist/esm/types/rollout.d.ts +85 -0
  65. package/dist/esm/types/rollout.js +25 -0
  66. package/dist/esm/web.d.ts +8 -0
  67. package/dist/esm/web.js +148 -54
  68. package/dist/plugin.cjs.js +1 -2
  69. package/dist/plugin.esm.js +1 -2
  70. package/dist/plugin.js +2 -3
  71. package/docs/CHANGELOG.md +124 -0
  72. package/docs/CLAUDE.md +1 -1
  73. package/docs/MANUAL-TASKS.md +17 -0
  74. package/docs/MARKETING_WEBSITE_TRACKER.md +18 -2
  75. package/docs/MIGRATION.md +83 -0
  76. package/docs/PACKAGES.md +167 -0
  77. package/docs/PERFORMANCE.md +110 -0
  78. package/docs/PROJECT_COMPLETION_TRACKER.md +4 -35
  79. package/docs/README.md +0 -1
  80. package/docs/REMAINING_FEATURES.md +123 -76
  81. package/docs/ROADMAP.md +200 -120
  82. package/docs/SECURITY-IF-REPO-PUBLIC.md +232 -0
  83. package/docs/TESTING_REQUIREMENTS.md +1 -112
  84. package/docs/ai-knowledge-base/00-project-profile.md +38 -0
  85. package/docs/ai-knowledge-base/01-features.md +46 -0
  86. package/docs/ai-knowledge-base/02-routes.md +72 -0
  87. package/docs/ai-knowledge-base/03-tech-stack.md +57 -0
  88. package/docs/ai-knowledge-base/README.md +23 -0
  89. package/docs/analytics-tracking.md +37 -0
  90. package/docs/capacitor-official-plugins.md +46 -0
  91. package/docs/capawesome-plugins.md +29 -0
  92. package/docs/deployment/HOSTINGER_DEPLOY.md +75 -34
  93. package/docs/deployment/PRODUCTION-DEPLOY-CHECKLIST.md +184 -0
  94. package/docs/docs-site/plan.md +201 -0
  95. package/docs/docs-site/scope.md +127 -0
  96. package/docs/docs-site/tracker.json +235 -0
  97. package/docs/error-handling-tracking.md +37 -0
  98. package/docs/guides/testing-guide.md +15 -41
  99. package/docs/package-audit.md +41 -0
  100. package/docs/play-store/ASO-METADATA.md +5 -0
  101. package/docs/play-store/DATA-SAFETY.md +5 -0
  102. package/docs/play-store/DECLARATIONS.md +5 -0
  103. package/docs/play-store/README.md +27 -0
  104. package/docs/play-store/RELEASE-NOTES.md +99 -0
  105. package/docs/play-store/RELEASE-STEPS.md +6 -0
  106. package/docs/play-store/STORE-LISTING.md +7 -0
  107. package/docs/play-store/SUBMISSION-CHECKLIST.md +5 -0
  108. package/docs/production-readiness.md +1 -1
  109. package/docs/project-audit/2026-05-16/00-FINALIZATION-PLAN.md +123 -0
  110. package/docs/project-audit/2026-05-16/01-BATCH-PLAN.md +227 -0
  111. package/docs/project-audit/2026-05-16/02-AUDIT-FINDINGS.md +144 -0
  112. package/docs/project-audit/2026-05-16/sessions/batch-01.md +42 -0
  113. package/docs/project-audit/2026-05-16/sessions/batch-02.md +74 -0
  114. package/docs/project-audit/2026-05-16/sessions/batch-03.md +71 -0
  115. package/docs/project-audit/2026-05-16/sessions/batch-04.md +88 -0
  116. package/docs/project-audit/2026-05-16/sessions/batch-05.md +63 -0
  117. package/docs/project-audit/2026-05-16/sessions/batch-06.md +103 -0
  118. package/docs/project-audit/2026-05-16/sessions/batch-07.md +61 -0
  119. package/docs/project-audit/2026-05-16/sessions/batch-08.md +101 -0
  120. package/docs/project-audit/2026-05-16/sessions/batch-09.md +105 -0
  121. package/docs/project-audit/2026-05-16/sessions/batch-10.md +102 -0
  122. package/docs/project-audit/AUDIT-HISTORY.md +74 -0
  123. package/docs/project-audit/BATCH-PLAN.md +168 -0
  124. package/docs/project-audit/MARKETING-WEBSITE-FINDINGS-2026-05-11.md +73 -0
  125. package/docs/project-audit/PRODUCTION-READINESS-AUDIT-2026-05-08.md +275 -0
  126. package/docs/project-finalization/00-tracker.json +60 -0
  127. package/docs/project-knowledge-base/01-system-overview.md +39 -30
  128. package/docs/project-knowledge-base/02-routes-pages-forms-users.md +87 -81
  129. package/docs/project-knowledge-base/03-tech-stack-modules-services.md +140 -108
  130. package/docs/project-knowledge-base/04-data-models-integrations.md +191 -254
  131. package/docs/project-knowledge-base/05-docs-corpus-inventory.md +83 -20
  132. package/docs/project-knowledge-base/06-operations-testing-legal-content.md +67 -29
  133. package/docs/project-knowledge-base/README.md +27 -14
  134. package/docs/project-profiles/native-update-capacitor-update-platform-project-profile-last-updated-2026-05-19.md +81 -0
  135. package/docs/rules-tracker.md +102 -0
  136. package/docs/security/PRE-LAUNCH-PENTEST-CHECKLIST.md +116 -0
  137. package/docs/social-media-marketing/README.md +81 -0
  138. package/docs/social-media-marketing/posts-batch-01.md +613 -0
  139. package/docs/social-media-marketing/posts-batch-02.md +528 -0
  140. package/docs/social-media-marketing/whatsapp-messages-batch-01.md +458 -0
  141. package/docs/social-media-marketing/whatsapp-status-batch-01.md +355 -0
  142. package/docs/tracking/finalization-2026-05-16-tracker.json +346 -0
  143. package/docs/tracking/full-audit-tracker.json +121 -0
  144. package/docs/tracking/production-readiness-audit-tracker.json +429 -0
  145. package/ios/Plugin/BackgroundUpdate/BackgroundUpdatePlugin.swift +16 -3
  146. package/ios/Plugin/LiveUpdate/LiveUpdatePlugin.swift +71 -47
  147. package/ios/Plugin/NativeUpdatePlugin.swift +14 -9
  148. package/package.json +29 -29
  149. package/cli/node_modules/.yarn-integrity +0 -16
  150. package/cli/node_modules/commander/LICENSE +0 -22
  151. package/cli/node_modules/commander/Readme.md +0 -1148
  152. package/cli/node_modules/commander/esm.mjs +0 -16
  153. package/cli/node_modules/commander/index.js +0 -26
  154. package/cli/node_modules/commander/lib/argument.js +0 -145
  155. package/cli/node_modules/commander/lib/command.js +0 -2179
  156. package/cli/node_modules/commander/lib/error.js +0 -43
  157. package/cli/node_modules/commander/lib/help.js +0 -462
  158. package/cli/node_modules/commander/lib/option.js +0 -329
  159. package/cli/node_modules/commander/lib/suggestSimilar.js +0 -100
  160. package/cli/node_modules/commander/package-support.json +0 -16
  161. package/cli/node_modules/commander/package.json +0 -80
  162. package/cli/node_modules/commander/typings/esm.d.mts +0 -3
  163. package/cli/node_modules/commander/typings/index.d.ts +0 -884
  164. package/cli/yarn.lock +0 -8
  165. package/dist/esm/__tests__/bundle-manager.test.d.ts +0 -1
  166. package/dist/esm/__tests__/bundle-manager.test.js +0 -151
  167. package/dist/esm/__tests__/bundle-manager.test.js.map +0 -1
  168. package/dist/esm/__tests__/config.test.d.ts +0 -1
  169. package/dist/esm/__tests__/config.test.js +0 -70
  170. package/dist/esm/__tests__/config.test.js.map +0 -1
  171. package/dist/esm/__tests__/delta-processor.test.d.ts +0 -1
  172. package/dist/esm/__tests__/delta-processor.test.js +0 -77
  173. package/dist/esm/__tests__/delta-processor.test.js.map +0 -1
  174. package/dist/esm/__tests__/firestore-schema.test.d.ts +0 -1
  175. package/dist/esm/__tests__/firestore-schema.test.js +0 -74
  176. package/dist/esm/__tests__/firestore-schema.test.js.map +0 -1
  177. package/dist/esm/__tests__/integration.test.d.ts +0 -1
  178. package/dist/esm/__tests__/integration.test.js +0 -78
  179. package/dist/esm/__tests__/integration.test.js.map +0 -1
  180. package/dist/esm/__tests__/manifest-reader.test.d.ts +0 -1
  181. package/dist/esm/__tests__/manifest-reader.test.js +0 -271
  182. package/dist/esm/__tests__/manifest-reader.test.js.map +0 -1
  183. package/dist/esm/__tests__/rollout-checker.test.d.ts +0 -1
  184. package/dist/esm/__tests__/rollout-checker.test.js +0 -210
  185. package/dist/esm/__tests__/rollout-checker.test.js.map +0 -1
  186. package/dist/esm/__tests__/security-enforcement.test.d.ts +0 -1
  187. package/dist/esm/__tests__/security-enforcement.test.js +0 -95
  188. package/dist/esm/__tests__/security-enforcement.test.js.map +0 -1
  189. package/dist/esm/__tests__/security.test.d.ts +0 -1
  190. package/dist/esm/__tests__/security.test.js +0 -54
  191. package/dist/esm/__tests__/security.test.js.map +0 -1
  192. package/dist/esm/__tests__/version-manager.test.d.ts +0 -1
  193. package/dist/esm/__tests__/version-manager.test.js +0 -45
  194. package/dist/esm/__tests__/version-manager.test.js.map +0 -1
  195. package/dist/esm/app-review/app-review-manager.js.map +0 -1
  196. package/dist/esm/app-review/index.js.map +0 -1
  197. package/dist/esm/app-review/platform-review-handler.js.map +0 -1
  198. package/dist/esm/app-review/review-conditions-checker.js.map +0 -1
  199. package/dist/esm/app-review/review-rate-limiter.js.map +0 -1
  200. package/dist/esm/app-review/types.js.map +0 -1
  201. package/dist/esm/app-update/app-update-checker.js.map +0 -1
  202. package/dist/esm/app-update/app-update-installer.js.map +0 -1
  203. package/dist/esm/app-update/app-update-manager.js.map +0 -1
  204. package/dist/esm/app-update/app-update-notifier.js.map +0 -1
  205. package/dist/esm/app-update/index.js.map +0 -1
  206. package/dist/esm/app-update/platform-app-update.js.map +0 -1
  207. package/dist/esm/app-update/types.js.map +0 -1
  208. package/dist/esm/background-update/background-scheduler.js.map +0 -1
  209. package/dist/esm/background-update/index.js.map +0 -1
  210. package/dist/esm/background-update/notification-manager.js.map +0 -1
  211. package/dist/esm/config/support.js.map +0 -1
  212. package/dist/esm/core/analytics.js.map +0 -1
  213. package/dist/esm/core/cache-manager.js.map +0 -1
  214. package/dist/esm/core/config.js.map +0 -1
  215. package/dist/esm/core/errors.js.map +0 -1
  216. package/dist/esm/core/event-emitter.js.map +0 -1
  217. package/dist/esm/core/logger.js.map +0 -1
  218. package/dist/esm/core/performance.js.map +0 -1
  219. package/dist/esm/core/plugin-manager.js.map +0 -1
  220. package/dist/esm/core/security.js.map +0 -1
  221. package/dist/esm/definitions.js.map +0 -1
  222. package/dist/esm/firestore/firestore-client.d.ts +0 -109
  223. package/dist/esm/firestore/firestore-client.js +0 -264
  224. package/dist/esm/firestore/firestore-client.js.map +0 -1
  225. package/dist/esm/firestore/index.d.ts +0 -11
  226. package/dist/esm/firestore/index.js +0 -11
  227. package/dist/esm/firestore/index.js.map +0 -1
  228. package/dist/esm/firestore/manifest-reader.d.ts +0 -87
  229. package/dist/esm/firestore/manifest-reader.js +0 -294
  230. package/dist/esm/firestore/manifest-reader.js.map +0 -1
  231. package/dist/esm/firestore/schema.d.ts +0 -507
  232. package/dist/esm/firestore/schema.js +0 -73
  233. package/dist/esm/firestore/schema.js.map +0 -1
  234. package/dist/esm/index.js.map +0 -1
  235. package/dist/esm/live-update/bundle-manager.js.map +0 -1
  236. package/dist/esm/live-update/certificate-pinning.js.map +0 -1
  237. package/dist/esm/live-update/delta-processor.js.map +0 -1
  238. package/dist/esm/live-update/download-manager.js.map +0 -1
  239. package/dist/esm/live-update/rollout-checker.js.map +0 -1
  240. package/dist/esm/live-update/update-manager.js.map +0 -1
  241. package/dist/esm/live-update/version-manager.js.map +0 -1
  242. package/dist/esm/plugin.js.map +0 -1
  243. package/dist/esm/security/crypto.js.map +0 -1
  244. package/dist/esm/security/validator.js.map +0 -1
  245. package/dist/esm/web.js.map +0 -1
  246. package/dist/plugin.cjs.js.map +0 -1
  247. package/dist/plugin.esm.js.map +0 -1
  248. package/dist/plugin.js.map +0 -1
  249. package/docs/FIREBASE_INTEGRATION_TRACKER.md +0 -321
  250. package/docs/FIREBASE_QUERIES_AND_INDEXES_AUDIT.md +0 -221
  251. package/docs/examples/firebase-backend-example.md +0 -27
  252. package/docs/features/laravel-nova-backend/credentials.ignore.md +0 -34
  253. package/docs/guides/no-cost-backend-implementation-plan.md +0 -77
  254. package/docs/guides/no-cost-firestore-google-drive-backend.md +0 -60
  255. package/docs/project-profiles/native-update-capacitor-update-platform-project-profile-last-updated-2026-03-16.md +0 -454
  256. package/docs/project-profiles/native-update-capacitor-update-platform-project-profile-last-updated-2026-03-24.md +0 -66
  257. package/docs/project-profiles/native-update-capacitor-update-platform-project-profile-last-updated-2026-03-25.md +0 -67
  258. /package/docs/{MARKETING_WEBSITE_PLAN.md → archive/MARKETING_WEBSITE_PLAN.md} +0 -0
@@ -0,0 +1,127 @@
1
+ # Documentation Site — Scope
2
+
3
+ **Project**: Public Docusaurus documentation site for the `native-update` Capacitor plugin.
4
+ **Repo location**: `/home/ahsan/Documents/01-code/projects/native-update-docs/` (sibling, separate public GitHub repo)
5
+ **Hosting**: Dedicated Firebase project (TBD in Batch 10)
6
+ **Versioning**: Single version — latest only (no version dropdown for v1)
7
+ **Theme**: Default Docusaurus `classic` preset + brand colors + logo + dark mode
8
+ **Author credit**: Ahsan Mahmood (aoneahsan@gmail.com, https://aoneahsan.com, https://linkedin.com/in/aoneahsan) — surfaced on every page footer + about/credits page + JSON-LD `author`
9
+
10
+ ## Reference date
11
+
12
+ **Scope locked**: 2026-05-10
13
+ **Source of truth**: `native-update` plugin v3.0.0 (`package.json`)
14
+
15
+ ---
16
+
17
+ ## What we're documenting (surface area)
18
+
19
+ ### 1. Plugin SDK — TypeScript API (`src/`)
20
+
21
+ **~30 public methods**, **~50 types/interfaces**, **11 events**, **10 enums**, split across 6 feature areas:
22
+
23
+ | Area | Methods | Notes |
24
+ |---|---|---|
25
+ | Live Update (OTA) | 20 — `sync`, `download`, `set`, `reload`, `reset`, `current`, `list`, `delete`, `notifyAppReady`, `getLatest`, `setChannel`, `setUpdateUrl`, `validateUpdate`, `checkForUpdate`, `downloadUpdate`, `applyUpdate`, `cancelDownload`, `cancelAllDownloads`, `isDownloading`, `getActiveDownloadCount` | Largest feature surface. Bundle lifecycle, channels, signing, rollback. |
26
+ | App Update (in-app, store-driven) | 5 — `getAppUpdateInfo`, `performImmediateUpdate`, `startFlexibleUpdate`, `completeFlexibleUpdate`, `openAppStore` | Wraps Play In-App Updates and iOS App Store check. |
27
+ | App Review | 2 — `requestReview`, `canRequestReview` | Wraps Play In-App Review and SKStoreReviewController. |
28
+ | Background Update | 8 — `enableBackgroundUpdates`, `disableBackgroundUpdates`, `getBackgroundUpdateStatus`, `scheduleBackgroundCheck`, `triggerBackgroundCheck`, `setNotificationPreferences`, `getNotificationPermissions`, `requestNotificationPermissions` | Battery-aware, network-aware silent updates. |
29
+ | Security | 1 — `getSecurityInfo` (+ ChecksumAlgorithm enum, certificate pinning config, 20+ error codes) | Bundle integrity, signing, HTTPS enforcement. |
30
+ | Core | 5 — `initialize`, `isInitialized`, `reset`, `cleanup`, `configure` | Plugin lifecycle. |
31
+
32
+ **Events** (via `addListener()`): `downloadProgress`, `updateStateChanged`, `backgroundUpdateProgress`, `backgroundUpdateNotification`, `appUpdateStateChanged`, `appUpdateProgress`, `appUpdateAvailable`, `appUpdateReady`, `appUpdateFailed`, `appUpdateNotificationClicked`, `appUpdateInstallClicked`.
33
+
34
+ **Power-user exports** (`src/index.ts`): `ConfigManager`, `Logger`, `SecurityValidator`, `PluginManager`, `CacheManager`, `BundleManager`, `DownloadManager`, `VersionManager`, `UpdateManager`, error classes (`NativeUpdateError`, `ConfigurationError`, `DownloadError`, `ValidationError`, `StorageError`, `UpdateErrorClass`), rollout/device-info types.
35
+
36
+ ### 2. CLI (`cli/commands/`) — 8 commands
37
+
38
+ | Command | Purpose |
39
+ |---|---|
40
+ | `init` | Scaffold native-update into an existing Capacitor project |
41
+ | `keys generate` | Generate RSA/ECDSA keypair for bundle signing |
42
+ | `bundle create` | Build a ZIP bundle from a built app dir (excludes node_modules, .git, .env) |
43
+ | `bundle sign` | Sign bundle with private key (SHA-256/512 + RSA/ECDSA) |
44
+ | `bundle verify` | Verify bundle signature with public key |
45
+ | `server start` | Start a local Express dev server for testing updates |
46
+ | `monitor` | Poll an update server and print available updates |
47
+ | `backend create` | Scaffold a Laravel + Nova backend (with greppable `TODO[SCAFFOLD-IMPLEMENT-BEFORE-DEPLOY]` markers) |
48
+
49
+ ### 3. Backend (`backend/` — Laravel 11 + Nova 5)
50
+
51
+ **API routes** (top-level groups):
52
+ - `/health` — liveness check
53
+ - `/v1/updates/check` — update check (public, signed)
54
+ - `/v1/analytics/{mau,download,install}` — anonymous usage telemetry
55
+ - `/v1/bundles/{build}/download` — bundle download (signed URL)
56
+ - `/dashboard/*` — admin panel (Firebase token required) — apps, builds, api-keys, signing-keys, stats, license management
57
+ - `/admin/*` — internal admin
58
+ - `/webhooks/paypal` — PayPal subscription webhook
59
+
60
+ **Nova resources** (22): App, User, Build, ApiKey, SigningKey, BuildChannel, BuildStatusFilter, UserStatusFilter, UserPlanFilter, ApiKeyStatusFilter, SigningKeyStatusFilter, ArchiveBuild, ActivateBuild, AssignLicense, DeprecateApiKey, RevokeApiKey, RevokeSigningKey, RotateSigningKey, SetCustomLimits, SuspendUser, UnsuspendUser, Resource (base).
61
+
62
+ ### 4. Platform-native implementations
63
+
64
+ - **Android** — 10 Kotlin files at `android/src/main/java/com/aoneahsan/nativeupdate/` (NativeUpdatePlugin, LiveUpdatePlugin, AppUpdatePlugin, AppReviewPlugin, BackgroundUpdatePlugin, SecurityManager, BackgroundUpdateWorker, BackgroundUpdateManager, BackgroundNotificationManager, NotificationActionReceiver). Manifest additions documented in `android/manifest-additions.xml`.
65
+ - **iOS** — 8 Swift files at `ios/Plugin/` (NativeUpdatePlugin, LiveUpdatePlugin, AppUpdatePlugin, AppReviewPlugin, BackgroundUpdatePlugin, SecurityManager, BackgroundNotificationManager, WebViewConfiguration). Pod published as `NativeUpdate.podspec`.
66
+ - **Web** — `src/web.ts` (browser fallback for development).
67
+
68
+ ### 5. Example apps (`example-apps/`)
69
+
70
+ | App | Stack | Demonstrates |
71
+ |---|---|---|
72
+ | `react-capacitor` | React + Vite + Capacitor 8 | Mobile OTA bundle workflow end-to-end |
73
+ | `node-express` | Node.js + Express | Minimal HTTP backend (`/api/updates/check`, `/api/bundles/upload`, bundle serving) |
74
+
75
+ ---
76
+
77
+ ## What we're NOT documenting in v1
78
+
79
+ - The hosted SaaS dashboard (https://nativeupdate.aoneahsan.com) — that's a marketing surface owned by `website/`, not the SDK docs.
80
+ - Internal Nova action implementation details — Nova is the user-facing surface; how each action is coded is implementation detail.
81
+ - Backend Laravel class internals beyond config + endpoints + setup — the backend is "reference implementation", not a teaching project.
82
+ - v1 / v2 history — single-version site, v3.x only. Migration documented in one page; older API never re-documented.
83
+
84
+ ---
85
+
86
+ ## Information architecture (Diátaxis-aligned)
87
+
88
+ | Quadrant | Section | Content |
89
+ |---|---|---|
90
+ | Tutorials (learning) | `tutorials/` | End-to-end first-update walkthrough; backend-first walkthrough |
91
+ | How-to guides (problems) | `how-to/` | Channel management; key rotation; rollback; CodePush migration; testing strategy; CI/CD pipelines |
92
+ | Reference (information) | `reference/sdk/`, `reference/cli/`, `reference/backend-api/` | Every method, type, event, command, endpoint |
93
+ | Explanation (understanding) | `concepts/` | How OTA updates work; bundle integrity; update strategies compared; architecture; security model |
94
+
95
+ Plus three top-level sections: `getting-started/` (intro, installation, quick start, configuration), `platforms/` (Android, iOS, Web specifics), `backend/` (Laravel self-host + Node-Express minimal).
96
+
97
+ ---
98
+
99
+ ## SEO / AEO targets
100
+
101
+ - **AI bots allowed in robots.txt** (GPTBot, ChatGPT-User, ClaudeBot, anthropic-ai, PerplexityBot, Google-Extended, CCBot, Applebot, Bingbot)
102
+ - `llms.txt` + `llms-full.txt` at site root
103
+ - Per-page JSON-LD: `WebSite`, `Organization`, `BreadcrumbList`, `TechArticle` (with `author`), `FAQPage` (where applicable), `HowTo` (tutorials)
104
+ - Sitemap auto-generated by `@docusaurus/plugin-sitemap`
105
+ - Open Graph + Twitter Card per page (Docusaurus config)
106
+ - Public GitHub repo (boosts crawl discoverability per the `seo-aeo-ranking.md` Wikipedia/GitHub presence rule)
107
+
108
+ ---
109
+
110
+ ## Author credits surfacing
111
+
112
+ Required everywhere a reader sees brand:
113
+ - Footer: "Built by [Ahsan Mahmood](https://aoneahsan.com)" with linkedin.com/in/aoneahsan, GitHub, npm links
114
+ - About / Credits page (`docs/about-the-author.md`)
115
+ - JSON-LD `author` on every TechArticle
116
+ - `package.json` author + `meta.author` Docusaurus tag
117
+ - README footer
118
+ - Hosted site footer
119
+
120
+ ---
121
+
122
+ ## Out-of-scope items the user has signalled future interest in
123
+
124
+ - Custom theme matching `website/` design system (deferred — chose default + brand colors for v1)
125
+ - Versioning (deferred until v4 ships)
126
+ - Internationalisation (no signal yet)
127
+ - Custom search beyond Docusaurus default — Algolia DocSearch can be added later
@@ -0,0 +1,235 @@
1
+ {
2
+ "$schema": "docs-site-tracker-v1",
3
+ "description": "Resumable tracker for the native-update Docusaurus documentation site project. Read first on every re-run of the docs-site prompt; honours the 7-day cooldown after full completion.",
4
+ "project": "native-update",
5
+ "docs_repo_path": "/home/ahsan/Documents/01-code/projects/native-update-docs/",
6
+ "docs_repo_remote": "TBD — created in Batch 10 (will be a public GitHub repo)",
7
+ "hosting": {
8
+ "platform": "Firebase Hosting (dedicated project)",
9
+ "firebase_project_id": "TBD — created in Batch 10",
10
+ "live_url": "TBD"
11
+ },
12
+ "scope_doc": "docs/docs-site/scope.md",
13
+ "plan_doc": "docs/docs-site/plan.md",
14
+ "total_batches": 10,
15
+ "current_batch": 10,
16
+ "progress_pct": 100,
17
+ "last_run": {
18
+ "started_at": "2026-05-10",
19
+ "status": "complete",
20
+ "completed_at": "2026-05-11",
21
+ "next_allowed_run_after": "2026-05-18",
22
+ "cooldown_days": 7,
23
+ "notes": "All 10 batches complete. Docs site is feature-complete with 58 pages plus deploy-ready discovery + SEO infrastructure. The Firebase Hosting deploy and the public GitHub repo creation are documented in native-update-docs/DEPLOY.md as user-actions — they require `firebase login` and `gh auth` against the user's accounts and cannot be automated from CI/agent context. Cooldown: 7-day soft gate before re-running this prompt. Override conditions: broken yarn build in sibling, published page 404/5xx, Lighthouse SEO drops below 95, production incident."
24
+ },
25
+ "batches": [
26
+ {
27
+ "id": 1,
28
+ "title": "Foundation & first pages",
29
+ "status": "completed",
30
+ "started_at": "2026-05-10",
31
+ "completed_at": "2026-05-10",
32
+ "skills_invoked": ["documentation-writer", "ai-seo", "copywriting"],
33
+ "deliverables": [
34
+ "native-update: docs/docs-site/scope.md",
35
+ "native-update: docs/docs-site/plan.md",
36
+ "native-update: docs/docs-site/tracker.json (this file)",
37
+ "native-update: root CLAUDE.md + AGENTS.md docs-site record",
38
+ "native-update-docs: package.json, tsconfig.json, docusaurus.config.ts, sidebars.ts, .gitignore, .editorconfig",
39
+ "native-update-docs: src/css/custom.css (brand palette + dark mode)",
40
+ "native-update-docs: src/pages/index.tsx (homepage)",
41
+ "native-update-docs: static/img/logo.svg, favicon.svg, social-card.svg",
42
+ "native-update-docs: static/robots.txt (skeleton)",
43
+ "native-update-docs: docs/intro.md, docs/getting-started/installation.md, docs/getting-started/quick-start.md",
44
+ "native-update-docs: docs/about-the-author.md",
45
+ "native-update-docs: README.md, CLAUDE.md, AGENTS.md",
46
+ "native-update-docs: git init + first commit",
47
+ "~/.dev-ports.json: register port 5960"
48
+ ],
49
+ "verification": "yarn build in sibling exits 0; folder structure matches sidebars.ts; homepage renders Ahsan author block",
50
+ "commit_native_update": "TBD",
51
+ "commit_docs_repo": "TBD"
52
+ },
53
+ {
54
+ "id": 2,
55
+ "title": "SDK Reference: Live Update (OTA)",
56
+ "status": "completed",
57
+ "started_at": "2026-05-10",
58
+ "completed_at": "2026-05-10",
59
+ "skills_invoked": ["documentation-writer", "ai-seo"],
60
+ "deliverables": [
61
+ "native-update-docs: docs/reference/sdk/live-update/overview.md (~1100 words, mental model, FAQ, mermaid state diagram)",
62
+ "native-update-docs: docs/reference/sdk/live-update/methods.md (~2500 words, all 20 methods grouped: sync/check, download, apply/rollback, inspect, configure, maintenance; signatures verbatim from src/definitions.ts)",
63
+ "native-update-docs: docs/reference/sdk/live-update/types.md (10 types: SyncOptions, SyncResult, DownloadOptions, DownloadUpdateOptions, BundleInfo, DeleteOptions, LatestVersion, CheckForUpdateResult, ValidateOptions, ValidationResult)",
64
+ "native-update-docs: docs/reference/sdk/live-update/enums.md (UpdateStrategy, UpdateMode, ChecksumAlgorithm, SyncStatus, BundleStatus + Live-Update subset of UpdateErrorCode)",
65
+ "native-update-docs: docs/reference/sdk/live-update/events.md (downloadProgress + updateStateChanged with cleanup pattern)",
66
+ "native-update-docs: docs/reference/sdk/live-update/config.md (LiveUpdateConfig field-by-field + recommended prod/dev examples)",
67
+ "native-update-docs: sidebars.ts — SDK Reference > Live Update (OTA) category active"
68
+ ],
69
+ "verification": "yarn build clean (no broken anchors after 2 explicit-id fixes); 6 pages reachable at /reference/sdk/live-update/*; explicit anchor IDs added for setChannel, setUpdateUrl, UpdateErrorCode to make slugs stable"
70
+ },
71
+ {
72
+ "id": 3,
73
+ "title": "SDK Reference: App Update + App Review",
74
+ "status": "completed",
75
+ "started_at": "2026-05-10",
76
+ "completed_at": "2026-05-10",
77
+ "skills_invoked": ["documentation-writer", "ai-seo"],
78
+ "deliverables": [
79
+ "native-update-docs: docs/reference/sdk/app-update/overview.md (mental model, when-to-use matrix, platform behaviour matrix Android/iOS/Web, Play priority 0-5 table, mermaid sequence diagram, 6-entry FAQ block)",
80
+ "native-update-docs: docs/reference/sdk/app-update/methods.md (all 5 methods: getAppUpdateInfo, performImmediateUpdate, startFlexibleUpdate, completeFlexibleUpdate, openAppStore — with platform notes, throws, examples)",
81
+ "native-update-docs: docs/reference/sdk/app-update/types.md (AppUpdateInfo with 10 fields + decision-matrix code; OpenAppStoreOptions)",
82
+ "native-update-docs: docs/reference/sdk/app-update/events.md (7 events: appUpdateStateChanged + appUpdateProgress + appUpdateAvailable + appUpdateReady + appUpdateFailed + appUpdateNotificationClicked + appUpdateInstallClicked; embeds InstallStatus enum reference)",
83
+ "native-update-docs: docs/reference/sdk/app-update/config.md (AppUpdateConfig field-by-field with prod recipe)",
84
+ "native-update-docs: docs/reference/sdk/app-review/overview.md (Apple 3-per-365 rule explained, default throttling table, mental model, 6-entry FAQ block)",
85
+ "native-update-docs: docs/reference/sdk/app-review/methods.md (canRequestReview + requestReview with the recommended call-site pattern; ReviewResult + CanRequestReviewResult inline)",
86
+ "native-update-docs: docs/reference/sdk/app-review/config.md (AppReviewConfig field-by-field; prod + dev recipes; Apple-throttle warning admonition)",
87
+ "native-update-docs: sidebars.ts — App Update + App Review categories activated under SDK Reference"
88
+ ],
89
+ "verification": "yarn build clean (one broken-link to Batch 4 background-update/overview was fixed by converting to italic placeholder); 8 new pages reachable at /reference/sdk/app-update/* and /reference/sdk/app-review/*"
90
+ },
91
+ {
92
+ "id": 4,
93
+ "title": "SDK Reference: Background Updates + Security + Core",
94
+ "status": "completed",
95
+ "started_at": "2026-05-11",
96
+ "completed_at": "2026-05-11",
97
+ "skills_invoked": ["documentation-writer", "ai-seo"],
98
+ "deliverables": [
99
+ "native-update-docs: docs/reference/sdk/background-update/overview.md (mental model, when-to-use matrix, platform behaviour matrix Android WorkManager / iOS BGTaskScheduler / Web, mermaid flowchart of OS-fired task gates, sample wiring, 6-entry FAQ explaining 'how often does this actually run')",
100
+ "native-update-docs: docs/reference/sdk/background-update/methods.md (all 8 methods: enableBackgroundUpdates, disableBackgroundUpdates, getBackgroundUpdateStatus, scheduleBackgroundCheck, triggerBackgroundCheck, setNotificationPreferences, getNotificationPermissions, requestNotificationPermissions; embedded BackgroundUpdateStatus + BackgroundCheckResult + NotificationPermissionStatus type tables)",
101
+ "native-update-docs: docs/reference/sdk/background-update/config.md (BackgroundUpdateConfig 12 fields + NotificationPreferences 10 fields + BackgroundUpdateType + NotificationPriority enums; production recipe; iOS Info.plist BGTaskSchedulerPermittedIdentifiers note)",
102
+ "native-update-docs: docs/reference/sdk/background-update/events.md (backgroundUpdateProgress + backgroundUpdateNotification with payloads, lifecycle, action flow; 'apply update on tap' example)",
103
+ "native-update-docs: docs/reference/sdk/security/overview.md (3-layer security model table, getSecurityInfo + SecurityInfo type, SecurityConfig field-by-field with deprecated secureStorage call-out, threat-model coverage table, 6-entry FAQ on key rotation + clock skew + at-rest encryption)",
104
+ "native-update-docs: docs/reference/sdk/security/error-codes.md (full UpdateErrorCode catalogue grouped by domain: network, download, security, install, permission, app-update, app-review, config; mapping to typed Error classes for instanceof checks)",
105
+ "native-update-docs: docs/reference/sdk/security/certificate-pinning.md (CertificatePinning + CertificatePin types, working OpenSSL recipe to extract SHA-256 SPKI pins, operational checklist with the two-pin rule, when-NOT-to-use guidance, 5-entry FAQ on Let's Encrypt + HPKP + captive portals)",
106
+ "native-update-docs: docs/reference/sdk/core/lifecycle.md (initialize, isInitialized, configure, reset, cleanup with mermaid state diagram of allowed transitions; clarification of the dual-meaning reset())",
107
+ "native-update-docs: docs/reference/sdk/core/config.md (PluginInitConfig — 24 fields grouped: server, live-update shorthand, download tuning, security, filesystem injection, native app-update/review, logging; ms-vs-seconds units gotcha highlighted; production recipe)",
108
+ "native-update-docs: sidebars.ts — Background Update + Security + Core categories activated under SDK Reference (SDK Reference section now complete)",
109
+ "native-update-docs: app-update/events.md — restored real link to background-update/overview (was Batch-3 italic placeholder)"
110
+ ],
111
+ "verification": "yarn build clean; 9 new pages render at /reference/sdk/background-update/* and /reference/sdk/security/* and /reference/sdk/core/*; total docs site now 27 pages; SDK Reference section feature-complete"
112
+ },
113
+ {
114
+ "id": 5,
115
+ "title": "CLI Reference",
116
+ "status": "completed",
117
+ "started_at": "2026-05-11",
118
+ "completed_at": "2026-05-11",
119
+ "skills_invoked": ["documentation-writer", "ai-seo"],
120
+ "deliverables": [
121
+ "native-update-docs: docs/reference/cli/overview.md (~1100 words — when-to-use matrix, install, quick-start workflow, exit codes, output conventions, default-artifact-locations table, what-the-CLI-does-NOT-do, FAQ)",
122
+ "native-update-docs: docs/reference/cli/init.md (interactive 4-prompt walkthrough, --example + --backend flags, generated config shape, common errors, limitations)",
123
+ "native-update-docs: docs/reference/cli/keys-generate.md (RSA 2048/4096 + EC P-256/P-384 matrix, output filenames + chmod 600, algorithm-choice guidance, rotation policy, install-public-key recipe)",
124
+ "native-update-docs: docs/reference/cli/bundle-create.md (flags table, examples, what-the-bundle-contains, safety refused-bundle list (node_modules/.git/.env*), reproducibility note, success output sample)",
125
+ "native-update-docs: docs/reference/cli/bundle-sign.md (RSA-SHA256, .sig sidecar JSON shape, signing in CI, common PEM errors, why backend must serve the sidecar)",
126
+ "native-update-docs: docs/reference/cli/bundle-verify.md (sidecar lookup convention, valid vs invalid output, CI release-gate pattern, how-verification-works step-by-step, limitations)",
127
+ "native-update-docs: docs/reference/cli/server-start.md (4 endpoints documented: /api/latest, /api/bundles, /bundles/<file>, /health; localhost-vs-LAN caveat; what-it-does-NOT-do block; stopping convention)",
128
+ "native-update-docs: docs/reference/cli/monitor.md (dashboard preview, expected /api/stats response shape, 5s polling + 5-failure bailout, SIGINT/SIGTERM handling, headless-mode limitation)",
129
+ "native-update-docs: docs/reference/cli/backend-create.md (express/firebase/vercel, SCAFFOLD_BANNER explained, TODO[SCAFFOLD-IMPLEMENT-BEFORE-DEPLOY] grep workflow, when-NOT-to-use guidance steering to example-apps/node-express + backend/)",
130
+ "native-update-docs: sidebars.ts — CLI Reference category active under SDK Reference; removed commented-out Batch-5 placeholder block"
131
+ ],
132
+ "verification": "yarn build clean (no broken-link errors after build); 9 new pages reachable at /reference/cli/*; build output verified via ls of build/reference/cli/ — all 9 .html files present"
133
+ },
134
+ {
135
+ "id": 6,
136
+ "title": "Backend setup guides",
137
+ "status": "completed",
138
+ "started_at": "2026-05-11",
139
+ "completed_at": "2026-05-11",
140
+ "skills_invoked": ["documentation-writer", "technical-writing"],
141
+ "deliverables": [
142
+ "native-update-docs: docs/backend/overview.md (~1300 words — what-the-backend-does endpoint table, three options matrix (Hosted SaaS / Self-host Laravel / Roll your own), how-to-choose chooser table, what-stays-the-same regardless of backend invariants block, next-steps fork)",
143
+ "native-update-docs: docs/backend/laravel-nova-self-host.md (~2400 words — what-you're-deploying overview, prerequisites (PHP 8.2+, MySQL/Postgres, Redis, supervisor), clone+install+build, env walk-through (APP_KEY / CORS / FIREBASE / NATIVE_UPDATE_FIREBASE_AUTO_CREATE / PAYPAL / ADMIN_EMAILS), schema notes (~14 tables — users/apps/builds/api_keys/signing_keys/analytics), four storage backends (FilesHub default, Drive, S3/R2, local), queue worker with sample systemd unit, optimize-cache sequence, Firebase token verification + clock-skew warning, Nova license auth.json, sample nginx vhost, smoke-test commands)",
144
+ "native-update-docs: docs/backend/node-express-minimal.md (~1700 words — what-it-implements vs what-it-doesn't (skips analytics), running locally, contract mapping endpoint-by-endpoint with code snippets pulled from the actual repo, what production needs vs what the example has (signing URLs, checksums, signatures, rate limiting), framework-translation guidance for Hono/Fastify/etc., when-to-graduate-from-this-example triggers)",
145
+ "native-update-docs: docs/backend/api-contract.md (~2100 words — full wire spec for 6 endpoints (health, /updates/check, /bundles/{id}/download, /analytics/mau, /analytics/download, /analytics/install), auth schemes table (API-key vs signed URL vs Firebase token), header tables, response shapes with field semantics, error envelope convention, field-naming-reminder block listing the 11 canonical fields that custom backends must NOT rename)",
146
+ "native-update-docs: docs/backend/nova-admin-overview.md (~1700 words — group structure (Content vs Security), tour of 5 resources (User/App/Build/ApiKey/SigningKey) with fields + relationships + actions + when-to-come-here use-cases, 10 Nova Actions reference table, AuthServiceProvider + admin-bypass `before` hooks pattern documented, what-Nova-is-NOT-for boundary block)",
147
+ "native-update-docs: sidebars.ts — Backend category activated; commented Batch-6 placeholder removed"
148
+ ],
149
+ "verification": "yarn build clean (no broken-link errors); 5 new pages reachable at /backend/*; ls of build/backend/ confirms api-contract.html + laravel-nova-self-host.html + node-express-minimal.html + nova-admin-overview.html + overview.html all generated"
150
+ },
151
+ {
152
+ "id": 7,
153
+ "title": "Platform guides (Android, iOS, Web)",
154
+ "status": "completed",
155
+ "started_at": "2026-05-11",
156
+ "completed_at": "2026-05-11",
157
+ "skills_invoked": ["documentation-writer", "technical-writing", "capacitor-best-practices"],
158
+ "deliverables": [
159
+ "native-update-docs: docs/platforms/android.md (~2100 words — Capacitor + gradle versions, 6 required permissions with sensitive vs non-sensitive breakdown and tools:node='remove' opt-out for non-background-update apps, manifest-additions <service> + <receiver> with explanation of tools:node='merge' and exported=false, WorkManager constraints (NetworkType.UNMETERED / setRequiresBatteryNotLow / setRequiresCharging) with Doze + App Standby caveats, Play Core 2.1.0 + Play Review 2.0.1 with internal-testing-track gotcha, network security config for cleartext localhost, ProGuard rules + likely failure modes, signing setup, Play Console rejection rules (merged-manifest sensitive permissions + foreground service notification requirement), edge-to-edge note, smoke-test commands with adb logcat filters)",
160
+ "native-update-docs: docs/platforms/ios.md (~2400 words — deployment target iOS 14, SPM vs CocoaPods, BGTaskSchedulerPermittedIdentifiers with two identifiers, UIBackgroundModes for background-app-refresh + background-processing, NSAppTransportSecurity with localhost exception pattern, PrivacyInfo.xcprivacy template covering UserDefaults CA92.1 + FileTimestamp C617.1, SKStoreReviewController throttling (Apple 3/365 + plugin's launches/days/lastPrompt knobs), App Store Review Guideline 2.5.2 compliance with rejection-reason examples and how the OTA flow stays inside the JS-in-WKWebView carve-out, Keychain accessibility level explanation, TestFlight + Xcode debugging tips with BGTaskScheduler LLDB simulate command, what-the-plugin-does-NOT-do block (no APNs, no force-update on iOS, no Watch/tvOS), smoke-test commands)",
161
+ "native-update-docs: docs/platforms/web.md (~1500 words — when web target activates, what-works method-by-method (configure/getSecurityInfo/current/list/delete/notifyAppReady/reload/setChannel/getLatest/openAppStore/requestReview), what's-stubbed throwing PLATFORM_NOT_SUPPORTED, service-worker update path with full register+message-passing code, three legitimate use cases (dev fallback, PWA deployment, E2E tests), three when-NOT-to-use callouts, configuration that affects web vs ignored fields, browser support matrix, smoke-test snippet)",
162
+ "native-update-docs: sidebars.ts — Platforms category activated; commented Batch-7 placeholder removed"
163
+ ],
164
+ "verification": "yarn build clean (no broken-link errors); 3 new pages reachable at /platforms/*; ls of build/platforms/ confirms android.html + ios.html + web.html generated; total docs site now 44 pages."
165
+ },
166
+ {
167
+ "id": 8,
168
+ "title": "Tutorials & how-to guides",
169
+ "status": "completed",
170
+ "started_at": "2026-05-11",
171
+ "completed_at": "2026-05-11",
172
+ "skills_invoked": ["documentation-writer", "ai-seo", "copywriting"],
173
+ "deliverables": [
174
+ "native-update-docs: docs/tutorials/first-ota-update.md (~1900 words — 10-step happy-path walkthrough: install plugin → keys generate → scaffold config → wire SDK into boot code → sign up on SaaS + create app + paste API key + register public key → bundle → sign → upload → device install + verify → ship a real visible-change update; explicit what-you-did-not-do block calling out channels/rollouts/CI/key-rotation/rollback as separate how-tos)",
175
+ "native-update-docs: docs/tutorials/backend-first-walkthrough.md (~1900 words — 13-step self-hosted Laravel + Nova walkthrough: clone+install → DB setup → .env walk-through → migrate → optimise+serve → Nova login with tinker-seed-admin-user pattern → first App + ApiKey + SigningKey → wire app to LAN → bundle/sign/upload → verify device trace through Laravel log; covers 10.0.2.2 vs localhost vs LAN-IP nuances)",
176
+ "native-update-docs: docs/how-to/manage-channels.md (~1100 words — channel model with production/staging/beta/canary table, declare channels on App, tag bundles at build time with --channel, switch device at runtime via setChannel(), build channel UI for internal users, promote-between-channels via re-upload vs re-tag, common pitfalls including reset()-after-setChannel and case-sensitive matching)",
177
+ "native-update-docs: docs/how-to/rotate-signing-keys.md (~1700 words — scheduled-rotation vs emergency-revoke split with how-the-installed-binary-pins-the-trusted-key explanation; 7-step multi-key transition with publicKey-as-array approach + 95%-app-store-adoption gate; 5-step emergency-revoke path with App Store / Play Store expedited-review note; three how-NOT-to-rotate anti-patterns)",
178
+ "native-update-docs: docs/how-to/roll-back-bundle.md (~1300 words — 3-layer strategy: automatic crash-rollback via notifyAppReady() 60s window, cohort-wide rollback via Rollout%=0 or Is_Active=false or downgrade-as-latest, explicit per-device NativeUpdate.rollback() with code; what gets recorded in the Build counters; what rollback does NOT do — native code, offline devices, downstream data)",
179
+ "native-update-docs: docs/how-to/migrate-from-codepush.md (~1700 words — App Center retirement context, concept-mapping table (deployment→channel, deployment-key→api-key, mandatoryInstallMode→bundle.mandatory etc.), 6-step migration with side-by-side phase, sync-option mapping table, common gotchas (mandatory updates work differently, no bundle diffs, signing now mandatory))",
180
+ "native-update-docs: docs/how-to/ci-cd-github-actions.md (~1600 words — production GitHub Actions workflow: secrets setup, full .github/workflows/ota-release.yml with concurrency block + umask + verify-as-release-gate + cleanup-always + workflow_dispatch channel chooser; manual-approval pattern via GitHub Environments; cache wisdom + gotchas; what's-not-included block — tests, versioning, notifications, rollback automation)",
181
+ "native-update-docs: docs/how-to/test-bundles-locally.md (~1500 words — three local-test loops in increasing fidelity: bundle-verify smoke test → native-update server start dev server → full LAN test with real backend; per-loop what-catches vs what-skips matrix; LAN setup with macOS+Linux IP discovery, Android cleartext config, iOS NSAllowsLocalNetworking; iteration-speed tips including version-badge component)",
182
+ "native-update-docs: sidebars.ts — Tutorials + How-to guides categories activated; commented Batch-8 placeholder removed"
183
+ ],
184
+ "verification": "yarn build clean (no broken-link errors); 8 new pages reachable at /tutorials/* + /how-to/*; ls of build/tutorials/ + build/how-to/ confirms all 8 .html files generated; total docs site now 52 pages."
185
+ },
186
+ {
187
+ "id": 9,
188
+ "title": "Concepts & explanations",
189
+ "status": "completed",
190
+ "started_at": "2026-05-11",
191
+ "completed_at": "2026-05-11",
192
+ "skills_invoked": ["documentation-writer", "ai-seo"],
193
+ "deliverables": [
194
+ "native-update-docs: docs/concepts/how-ota-updates-work.md (~2200 words — five-moving-parts framing, 11-step lifecycle from package→sign→upload→sync→server-decision→download→checksum→signature-verify→stage→atomic-swap→verify-or-rollback, why-this-design-not-simpler covering integrity+atomicity+reversibility constraints, what-OTA-gives-you-over-web-deployment)",
195
+ "native-update-docs: docs/concepts/bundle-integrity-and-signing.md (~1900 words — envelope-and-bag metaphor for two-layer model, what SHA-256 alone catches (bitflips, CDN swaps, server confusion), what SHA-256 does NOT (server-attested-checksum-attack), what signing adds, five-entity trust chain breakdown, what signing does NOT protect (private-key compromise, buggy bundles, replay, native code, leaked-but-unrevoked key, side channels), algorithm-choice rationale (RSA universal+deterministic+small-overhead))",
196
+ "native-update-docs: docs/concepts/update-strategies-compared.md (~1900 words — four-strategy comparison table with one-line decision tree, immediate/on-app-start/on-app-resume/manual deep-dives with user-experience consequences and three-legitimate-use-cases per strategy, background-updates-orthogonal-to-strategies explanation, what's-not-in-the-model (no minimum-age-before-apply, no must-apply-by deadline))",
197
+ "native-update-docs: docs/concepts/architecture.md (~2200 words — five-component overview (CLI, backend, object store, device SDK, dashboard), three mermaid diagrams (build-time flowchart, deploy-time sequence, runtime sequence), trust-boundaries diagram with four-zone breakdown (your-control / semi-exposed / device / hostile), how-the-pieces-version-together explaining SDK-via-app-store vs backend-via-redeploy intersection rule)",
198
+ "native-update-docs: docs/concepts/security-model.md (~2000 words — three-class threat model (passive observer / active MITM / compromised infrastructure), three-layer defense (transport HTTPS+pinning / content checksum+signature / runtime crash-rollback), explicit what's-in-scope vs what's-out-of-scope (private key compromise, dashboard auth compromise, malicious-but-signed bundles, supply-chain via deps, jailbroken devices, side channels, DoS), six operational assumptions the model depends on, regulated-industries note on FIPS+SOC2+air-gapped)",
199
+ "native-update-docs: docs/concepts/error-handling-philosophy.md (~1800 words — fail-closed-on-correctness vs fail-open-on-availability framing, list of what-fails-closed (signature, checksum, HTTPS-in-prod, plugin-not-initialised, required-fields) vs what-fails-open (analytics writes, background scheduling, notification rendering, optional callbacks), typed-error-codes-everywhere with switch-on-code example, host-app-must-keep-running rule with safeBootstrapOta pattern, calibration rationale for 60s notifyAppReady window + 30min signed-URL TTL)",
200
+ "native-update-docs: sidebars.ts — Concepts category activated; commented Batch-9 placeholder removed"
201
+ ],
202
+ "verification": "yarn build clean (no broken-link errors); 6 new pages reachable at /concepts/*; ls of build/concepts/ confirms architecture.html + bundle-integrity-and-signing.html + error-handling-philosophy.html + how-ota-updates-work.html + security-model.html + update-strategies-compared.html generated; mermaid diagrams rendered (theme already enabled in docusaurus.config.ts); total docs site now 58 pages."
203
+ },
204
+ {
205
+ "id": 10,
206
+ "title": "SEO + Firebase deploy + GitHub publish",
207
+ "status": "completed",
208
+ "started_at": "2026-05-11",
209
+ "completed_at": "2026-05-11",
210
+ "skills_invoked": ["ai-seo", "firebase-hosting-basics"],
211
+ "deliverables": [
212
+ "native-update-docs: static/robots.txt — 30+ AI-bot allow list (Googlebot, Bingbot, DuckDuckBot, Applebot, YandexBot, Baiduspider, Slurp, GPTBot, ChatGPT-User, OAI-SearchBot, ClaudeBot, anthropic-ai, Claude-Web, PerplexityBot, Perplexity-User, Google-Extended, Applebot-Extended, YouBot, CCBot, Diffbot, cohere-ai/cohere-training-data-crawler, Meta-ExternalAgent, FacebookBot, Amazonbot, MistralAI-User) + 8-bot block list (Ahrefs/Semrush/MJ12/Dot/BLEX/Petal/serpstat/SiteAudit) + Sitemap directive",
213
+ "native-update-docs: static/llms.txt (9.6 KB) — llmstxt.org-format structured index covering all 58 pages grouped by Diátaxis quadrant (Tutorials, How-to, SDK Reference subsections, CLI Reference, Backend, Platforms, Concepts), with absolute URLs ready for LLM consumption",
214
+ "native-update-docs: static/llms-full.txt (15.4 KB) — single-document long-form summary covering project facts, four feature areas, 11-step OTA lifecycle, wire contract, CLI commands, three backend options, platform requirements per Android/iOS/Web, security model, update strategies, error handling philosophy, performance defaults, CodePush migration mapping, author contact",
215
+ "native-update-docs: static/humans.txt — team/thanks/site credits per humanstxt.org convention",
216
+ "native-update-docs: static/.well-known/security.txt (RFC 9116) — Contact / Expires (2027-05-11) / Preferred-Languages / Canonical / Policy fields plus inline responsible-disclosure policy",
217
+ "native-update-docs: static/sitemap-index.json — machine-readable section index complementing sitemap.xml; lists 8 content hubs with page counts and Diátaxis-type tags; discovery file URLs for sitemap/robots/llms/humans/security",
218
+ "native-update-docs: docusaurus.config.ts — headTags array with canonical link, RSS alternate, theme-color, application-name + 3 application/ld+json blocks (WebSite with publisher Person, SoftwareApplication with offers + softwareVersion 3.0.0 + license, Organization with sameAs network); themeConfig.metadata extended with description fallback, expanded keywords (15 terms), max-image-preview:large robots meta, twitter:site, og:locale, og:image:width/height, article:author",
219
+ "native-update-docs: firebase.json — public=build, cleanUrls, SPA-style 404 rewrite, Cache-Control immutable for assets (jpg|png|svg|js|css|woff2 = 1 year), HTML 5min, robots/sitemap/llms.txt 1hr, security headers (X-Content-Type-Options nosniff, Referrer-Policy strict-origin-when-cross-origin, Permissions-Policy, Strict-Transport-Security HSTS 1yr+preload)",
220
+ "native-update-docs: .firebaserc — default project 'native-update-docs'",
221
+ "native-update-docs: package.json — added firebase:emulate / firebase:deploy / firebase:deploy:preview yarn scripts (use npx -y firebase-tools@latest per global CLAUDE.md Firebase rule); removed default docusaurus deploy script (Firebase replaces GitHub Pages)",
222
+ "native-update-docs: DEPLOY.md — 6-section deploy runbook covering prerequisites, one-time GitHub publish via gh CLI, one-time Firebase project create + custom domain DNS, recurring deploy workflow with preview channels, post-deploy Google Search Console + Bing Webmaster Tools submission, healthcheck curl commands, freshness cycle, troubleshooting for 5 common failure modes"
223
+ ],
224
+ "verification": "yarn typecheck clean; yarn build clean — 6 discovery files materialised in build/ (robots.txt 2.6KB, llms.txt 9.7KB, llms-full.txt 15.4KB, humans.txt 0.9KB, sitemap.xml 10.6KB, sitemap-index.json 2.9KB) plus build/.well-known/security.txt; build/index.html contains 3 application/ld+json blocks (WebSite + SoftwareApplication + Organization) + canonical link + new robots/theme-color/twitter:site meta tags verified by grep. Firebase deploy + GitHub publish are user-actions documented in DEPLOY.md (require user-account auth)."
225
+ }
226
+ ],
227
+ "resume_protocol": "On every re-run of the docs-site prompt: read this file FIRST. If last_run.status=='complete' AND today<next_allowed_run_after, skip and tell the user the date. If 'in_progress', find lowest-indexed batch with status!='completed' and resume there. After Batch 10, set status='complete', completed_at=today, next_allowed_run_after=today+7d.",
228
+ "override_conditions": [
229
+ "Explicit user bypass",
230
+ "yarn build broken in sibling repo",
231
+ "Published page returns 404 or 5xx",
232
+ "Lighthouse SEO drops below 95",
233
+ "Production incident affecting users"
234
+ ]
235
+ }
@@ -0,0 +1,37 @@
1
+ # Error Handling Tracking (R-023)
2
+
3
+ This registry lists every component, page, hook, or service that wires errors into the centralised `trackError` (`website/src/lib/errorTracking.ts`). Every new feature added MUST add itself here.
4
+
5
+ **Service:** `website/src/lib/errorTracking.ts`
6
+ **Destinations:** Firebase Analytics (always on if Firebase keys present) + Sentry / Microsoft Clarity / Amplitude (off until their env keys are set)
7
+
8
+ **Last audited:** 2026-04-25
9
+
10
+ | Path | Type | Wired? | Notes |
11
+ |---|---|---|---|
12
+ | `src/components/ErrorBoundary.tsx` | Component | Pending | Top-level error boundary should call `trackError` in `componentDidCatch` — incremental migration. |
13
+ | `src/services/auth-service.ts` | Service | Pending | Wrap Firebase auth errors. |
14
+ | `src/services/google-drive-service.ts` | Service | Pending | OAuth + Drive API errors. |
15
+ | `src/services/bundle-upload-service.ts` | Service | Pending | Upload failures, integrity verification failures. |
16
+ | `src/services/manifest-generator.ts` | Service | Pending | Manifest assembly errors. |
17
+ | `src/lib/analytics.ts` | Service | N/A | Analytics; uses its own internal logger swallow. |
18
+ | `src/lib/firebase.ts` | Service | N/A | Init-time only — failure here is rendered by the app shell. |
19
+
20
+ ## How to wire a new module
21
+
22
+ ```ts
23
+ import { trackError } from '@/lib/errorTracking';
24
+
25
+ try {
26
+ await doRiskyThing();
27
+ } catch (err) {
28
+ trackError(err, { surface: 'upload', step: 'verify_checksum' });
29
+ throw err; // rethrow so callers see the failure too
30
+ }
31
+ ```
32
+
33
+ ## Env keys
34
+
35
+ - `VITE_SENTRY_DSN` — when set + `@sentry/browser` installed, errors flow to Sentry
36
+ - `VITE_CLARITY_PROJECT_ID` — when set + Clarity script loaded, last error pinned to session
37
+ - `VITE_AMPLITUDE_API_KEY` — when set + Amplitude script loaded, errors emitted as `app_error` events
@@ -1,36 +1,10 @@
1
1
  # Comprehensive Testing Guide
2
2
 
3
- This guide covers all testing approaches for the Capacitor Native Update plugin.
3
+ This guide covers the manual and on-device testing approaches for the Capacitor Native Update plugin. Verification is done in actual/live apps using the plugin rather than an automated JS test runner.
4
4
 
5
5
  ## Testing Levels
6
6
 
7
- ### 1. Unit Testing
8
-
9
- The plugin includes unit tests for core functionality:
10
-
11
- ```bash
12
- # Run all tests
13
- yarn test
14
-
15
- # Run with coverage
16
- yarn test:coverage
17
-
18
- # Watch mode for development
19
- yarn test:watch
20
- ```
21
-
22
- #### Test Structure
23
-
24
- ```
25
- src/__tests__/
26
- ├── security.test.ts # Security validation tests
27
- ├── version-manager.test.ts # Version comparison tests
28
- ├── bundle-manager.test.ts # Bundle management tests
29
- ├── config.test.ts # Configuration tests
30
- └── integration.test.ts # Integration tests
31
- ```
32
-
33
- ### 2. Integration Testing
7
+ ### 1. Integration Testing
34
8
 
35
9
  #### Web Platform Testing
36
10
 
@@ -103,7 +77,7 @@ src/__tests__/
103
77
  - In-app update UI
104
78
  - Rollback functionality
105
79
 
106
- ### 3. Security Testing
80
+ ### 2. Security Testing
107
81
 
108
82
  #### Certificate Validation
109
83
  ```typescript
@@ -130,7 +104,7 @@ const isValid = await NativeUpdate.validateUpdate({
130
104
  });
131
105
  ```
132
106
 
133
- ### 4. Performance Testing
107
+ ### 3. Performance Testing
134
108
 
135
109
  #### Download Performance
136
110
  ```typescript
@@ -146,7 +120,7 @@ NativeUpdate.addListener('downloadProgress', (progress) => {
146
120
  - Test with large bundles (50MB+)
147
121
  - Verify cleanup of old bundles
148
122
 
149
- ### 5. End-to-End Testing
123
+ ### 4. End-to-End Testing
150
124
 
151
125
  #### Complete Update Cycle
152
126
 
@@ -189,7 +163,7 @@ NativeUpdate.addListener('downloadProgress', (progress) => {
189
163
  }
190
164
  ```
191
165
 
192
- ### 6. Error Handling Testing
166
+ ### 5. Error Handling Testing
193
167
 
194
168
  #### Network Failures
195
169
  ```typescript
@@ -211,7 +185,7 @@ await NativeUpdate.download({
211
185
  });
212
186
  ```
213
187
 
214
- ### 7. Rollback Testing
188
+ ### 6. Rollback Testing
215
189
 
216
190
  ```typescript
217
191
  // Test rollback mechanism
@@ -228,7 +202,7 @@ async function testRollback() {
228
202
  }
229
203
  ```
230
204
 
231
- ### 8. Platform-Specific Testing
205
+ ### 7. Platform-Specific Testing
232
206
 
233
207
  #### iOS Specific
234
208
  - Test with different iOS versions (13+)
@@ -242,26 +216,26 @@ async function testRollback() {
242
216
  - Test notification permissions
243
217
  - Check WorkManager scheduling
244
218
 
245
- ### 9. Automated Testing
219
+ ### 8. Automated Verification
246
220
 
247
221
  #### CI/CD Integration
248
222
  ```yaml
249
- # .github/workflows/test.yml
250
- name: Test
223
+ # .github/workflows/ci.yml
224
+ name: CI
251
225
  on: [push, pull_request]
252
226
 
253
227
  jobs:
254
- test:
228
+ build:
255
229
  runs-on: ubuntu-latest
256
230
  steps:
257
231
  - uses: actions/checkout@v2
258
232
  - uses: actions/setup-node@v2
259
233
  - run: yarn install
260
- - run: yarn test
261
- - run: yarn test:e2e
234
+ - run: yarn lint
235
+ - run: yarn build
262
236
  ```
263
237
 
264
- ### 10. Manual Testing Checklist
238
+ ### 9. Manual Testing Checklist
265
239
 
266
240
  - [ ] **Configuration**
267
241
  - [ ] Valid HTTPS URL required
@@ -0,0 +1,41 @@
1
+ # Package Audit
2
+
3
+ Per R-010 (Clean package.json). Records unused dependencies removed and the reason.
4
+
5
+ **Last audited:** 2026-04-25
6
+
7
+ ## Root (`package.json`)
8
+
9
+ All listed dependencies and devDependencies are imported somewhere in the build pipeline (Rollup, TypeScript, ESLint). No removals.
10
+
11
+ ## Website (`website/package.json`)
12
+
13
+ | Package | Version | Action | Reason |
14
+ |---|---|---|---|
15
+ | `react-syntax-highlighter` | ^16.1.1 | **Removed** | Not imported anywhere in `website/src/`. The docs markdown page uses `react-markdown` + `remark-gfm` for rendering. Code highlighting is not currently a feature. Re-add when needed for code-fenced content. |
16
+ | `@types/react-syntax-highlighter` | ^15.5.13 | **Removed** | Unused (paired with the package above). |
17
+
18
+ After removal, run `yarn install` in `website/` to update `yarn.lock`. Until then, the lockfile keeps the (no-longer-listed) entries — harmless but tidy with the next install.
19
+
20
+ All other website deps verified imported:
21
+ - Capacitor + Capawesome plugins → used by mobile build flow
22
+ - Radix UI primitives → used in `src/components/ui/*` and across pages
23
+ - `framer-motion` → used in 11 files
24
+ - `lucide-react` → used in 32 files
25
+ - `jszip` → used by bundle upload service
26
+ - `d3` + `@types/d3` → present for chart rendering (admin/dashboard analytics)
27
+ - `firebase`, `react-hook-form`, `zod`, `@hookform/resolvers`, `react-router-dom`, `react-markdown`, `remark-gfm`, `tailwind-merge`, `class-variance-authority`, `clsx`, `zustand` → all imported
28
+
29
+ ## CLI (`cli/package.json`)
30
+
31
+ All deps are CLI-essential (`commander`, `chalk`, `ora`, `axios`, `archiver`, etc.). No removals.
32
+
33
+ ## Backend (`backend/package.json`)
34
+
35
+ Tiny dev-only package.json (Vite + Tailwind + Laravel Vite plugin). No removals. Note: `package-lock.json` removed in this run per yarn-only policy. Run `yarn install` in `backend/` to generate `yarn.lock` if backend is actively developed.
36
+
37
+ ## Example apps
38
+
39
+ - `react-capacitor`: Capacitor + React deps. Verified.
40
+ - `node-express`: Express + dotenv. Verified.
41
+ - `firebase-backend`: Firebase Admin + Express. Verified.
@@ -0,0 +1,5 @@
1
+ # ASO Metadata — Native Update (Internal Reference)
2
+
3
+ Populate via `~/.claude/rules/play-store-submission.md` (Phase 3) when preparing a release.
4
+
5
+ Internal brand/ASO reference — keywords, competitor analysis, category strategy. Not store-facing copy.
@@ -0,0 +1,5 @@
1
+ # Data Safety — Native Update
2
+
3
+ Populate via `~/.claude/rules/play-store-submission.md` (Phase 2) when preparing a release.
4
+
5
+ Full Data Safety form answers: data types collected, required/optional, shared/not shared, purposes, encryption-in-transit, deletion URL.
@@ -0,0 +1,5 @@
1
+ # Play App-Content Declarations — Native Update
2
+
3
+ Populate via `~/.claude/rules/play-store-submission.md` (Phase 2) when preparing a release.
4
+
5
+ All 10 declarations must be answered from the real Phase-0 code audit before any Play Console submission.