pal-explorer-cli 0.4.0

package/lib/commands/workspace.js

@@ -0,0 +1,121 @@
+import chalk from 'chalk';
+import config from '../utils/config.js';
+
+function genId() {
+  return Date.now().toString(36) + Math.random().toString(36).slice(2, 6);
+}
+
+export default function workspaceCommand(program) {
+  const cmd = program
+    .command('workspace')
+    .description('manage workspaces (collections of shares)')
+    .addHelpText('after', `
+Examples:
+  $ pe workspace                          List all workspaces
+  $ pe workspace list                     List all workspaces
+  $ pe workspace create "My Project"      Create a workspace
+  $ pe workspace delete <id>              Delete a workspace
+  $ pe workspace add <wsId> <shareId>     Add share to workspace
+  $ pe workspace remove <wsId> <shareId>  Remove share from workspace
+`)
+    .action(() => {
+      printWorkspaces();
+    });
+
+  cmd
+    .command('list')
+    .description('list all workspaces')
+    .action(() => {
+      printWorkspaces();
+    });
+
+  cmd
+    .command('create <name>')
+    .description('create a new workspace')
+    .option('--description <desc>', 'Workspace description')
+    .action((name, opts) => {
+      const workspaces = config.get('workspaces') || [];
+      const ws = {
+        id: genId(),
+        name,
+        description: opts.description || '',
+        shares: [],
+        paths: [],
+        createdAt: new Date().toISOString(),
+      };
+      workspaces.push(ws);
+      config.set('workspaces', workspaces);
+      console.log(chalk.green(`\u2714 Workspace created: ${ws.name}`));
+      console.log(`  ID: ${chalk.white(ws.id)}`);
+    });
+
+  cmd
+    .command('delete <id>')
+    .description('delete a workspace')
+    .action((id) => {
+      const workspaces = config.get('workspaces') || [];
+      const ws = workspaces.find(w => w.id === id);
+      if (!ws) {
+        console.log(chalk.red('Workspace not found.'));
+        process.exitCode = 1;
+        return;
+      }
+      config.set('workspaces', workspaces.filter(w => w.id !== id));
+      console.log(chalk.green(`\u2714 Workspace "${ws.name}" deleted.`));
+    });
+
+  cmd
+    .command('add <workspaceId> <shareId>')
+    .description('add a share to a workspace')
+    .action((workspaceId, shareId) => {
+      const workspaces = config.get('workspaces') || [];
+      const ws = workspaces.find(w => w.id === workspaceId);
+      if (!ws) {
+        console.log(chalk.red('Workspace not found.'));
+        process.exitCode = 1;
+        return;
+      }
+      if (ws.shares.includes(shareId)) {
+        console.log(chalk.yellow('Share already in workspace.'));
+        return;
+      }
+      ws.shares.push(shareId);
+      config.set('workspaces', workspaces);
+      console.log(chalk.green(`\u2714 Share ${shareId} added to "${ws.name}".`));
+    });
+
+  cmd
+    .command('remove <workspaceId> <shareId>')
+    .description('remove a share from a workspace')
+    .action((workspaceId, shareId) => {
+      const workspaces = config.get('workspaces') || [];
+      const ws = workspaces.find(w => w.id === workspaceId);
+      if (!ws) {
+        console.log(chalk.red('Workspace not found.'));
+        process.exitCode = 1;
+        return;
+      }
+      if (!ws.shares.includes(shareId)) {
+        console.log(chalk.yellow('Share not in workspace.'));
+        return;
+      }
+      ws.shares = ws.shares.filter(id => id !== shareId);
+      config.set('workspaces', workspaces);
+      console.log(chalk.green(`\u2714 Share ${shareId} removed from "${ws.name}".`));
+    });
+}
+
+function printWorkspaces() {
+  const workspaces = config.get('workspaces') || [];
+  if (workspaces.length === 0) {
+    console.log(chalk.gray('No workspaces. Use `pe workspace create <name>` to create one.'));
+    return;
+  }
+  console.log('');
+  console.log(chalk.cyan('Workspaces:'));
+  for (const ws of workspaces) {
+    console.log(`  ${chalk.white(ws.id)}  ${chalk.yellow(ws.name)}`);
+    if (ws.description) console.log(`    ${chalk.gray(ws.description)}`);
+    console.log(`    Shares: ${chalk.white(ws.shares.length)}  Created: ${chalk.gray(ws.createdAt)}`);
+  }
+}

package/lib/core/accessLog.js

@@ -0,0 +1,54 @@
+import { readFileSync, writeFileSync, existsSync } from 'fs';
+import { join } from 'path';
+import { homedir } from 'os';
+
+const LOG_DIR = join(homedir(), '.palexplorer');
+const LOG_FILE = join(LOG_DIR, 'access-log.json');
+const MAX_ENTRIES = 2000;
+
+function readLog() {
+  try {
+    if (!existsSync(LOG_FILE)) return [];
+    return JSON.parse(readFileSync(LOG_FILE, 'utf8'));
+  } catch { return []; }
+}
+
+function writeLog(entries) {
+  writeFileSync(LOG_FILE, JSON.stringify(entries, null, 2), 'utf8');
+}
+
+export function logAccess({ shareId, shareName, action, peerPublicKey, peerHandle, ip, userAgent, bytes }) {
+  const entries = readLog();
+  entries.push({
+    id: Date.now().toString(36) + Math.random().toString(36).slice(2, 6),
+    shareId,
+    shareName: shareName || null,
+    action,
+    peerPublicKey: peerPublicKey || null,
+    peerHandle: peerHandle || null,
+    ip: ip || null,
+    userAgent: userAgent || null,
+    bytes: bytes || 0,
+    timestamp: new Date().toISOString(),
+  });
+  if (entries.length > MAX_ENTRIES) entries.splice(0, entries.length - MAX_ENTRIES);
+  writeLog(entries);
+}
+
+const THIRTY_DAYS_MS = 30 * 24 * 60 * 60 * 1000;
+
+export function getAccessLog({ shareId, action, limit = 100, offset = 0 } = {}) {
+  let entries = readLog();
+  entries = entries.filter(e => !e.timestamp || (Date.now() - new Date(e.timestamp).getTime()) < THIRTY_DAYS_MS);
+  if (shareId) entries = entries.filter(e => e.shareId === shareId);
+  if (action) entries = entries.filter(e => e.action === action);
+  entries.reverse();
+  return {
+    total: entries.length,
+    entries: entries.slice(offset, offset + limit),
+  };
+}
+
+export function clearAccessLog() {
+  writeLog([]);
+}

package/lib/core/analytics.js

@@ -0,0 +1,99 @@
+import crypto from 'crypto';
+import config from '../utils/config.js';
+
+const VERSION = '0.4.0';
+
+let _getPrimaryServer;
+async function loadServer() {
+  if (!_getPrimaryServer) {
+    try {
+      const mod = await import('./discoveryClient.js');
+      _getPrimaryServer = mod.getPrimaryServer;
+    } catch {
+      _getPrimaryServer = () => null;
+    }
+  }
+  return _getPrimaryServer();
+}
+
+function getDeviceId() {
+  let id = config.get('analyticsDeviceId');
+  if (!id) {
+    id = crypto.randomUUID();
+    config.set('analyticsDeviceId', id);
+  }
+  return id;
+}
+
+function baseProperties() {
+  return {
+    platform: process.platform,
+    version: VERSION,
+    arch: process.arch,
+  };
+}
+
+export function reportError(error, context = {}) {
+  const settings = config.get('settings') || {};
+  if (settings.errorReportingEnabled === false) return;
+
+  const payload = {
+    message: error?.message || String(error),
+    stack: error?.stack?.split('\n').slice(0, 10).join('\n'),
+    code: error?.code,
+    ...context,
+  };
+
+  loadServer().then(server => {
+    if (!server) return;
+    fetch(`${server}/api/v1/analytics/event`, {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({ event: 'error_report', properties: { ...baseProperties(), ...payload }, device_id: getDeviceId() }),
+      signal: AbortSignal.timeout(10_000),
+    }).catch(() => {});
+  }).catch(() => {});
+}
+
+export function reportCrash(error) {
+  const settings = config.get('settings') || {};
+  if (settings.errorReportingEnabled === false) return;
+
+  try {
+    const server = _getPrimaryServer?.();
+    if (!server) return;
+    const body = JSON.stringify({
+      event: 'crash_report',
+      properties: {
+        ...baseProperties(),
+        message: error?.message || String(error),
+        stack: error?.stack?.split('\n').slice(0, 20).join('\n'),
+        code: error?.code,
+        uptime: process.uptime(),
+        memoryMB: Math.round(process.memoryUsage().rss / 1048576),
+      },
+      device_id: getDeviceId(),
+    });
+
+    fetch(`${server}/api/v1/analytics/event`, {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body,
+      signal: AbortSignal.timeout(5000),
+    }).catch(() => {});
+  } catch {
+    // nothing we can do
+  }
+}
+
+export function installGlobalErrorHandler() {
+  const settings = config.get('settings') || {};
+  if (settings.errorReportingEnabled === false) return;
+
+  process.on('uncaughtException', (err) => {
+    reportCrash(err);
+  });
+  process.on('unhandledRejection', (reason) => {
+    reportError(reason instanceof Error ? reason : new Error(String(reason)), { type: 'unhandledRejection' });
+  });
+}

package/lib/core/backup.js

@@ -0,0 +1,84 @@
+import sodium from 'sodium-native';
+import { readFileSync, writeFileSync } from 'fs';
+import { join } from 'path';
+import { homedir } from 'os';
+
+const CONFIG_DIR = join(homedir(), '.palexplorer');
+const BACKUP_VERSION = 1;
+
+export async function createBackup(password) {
+  const configFile = join(CONFIG_DIR, 'config.json');
+  const policiesFile = join(CONFIG_DIR, 'share-policies.json');
+  const accessLogFile = join(CONFIG_DIR, 'access-log.json');
+
+  const data = {
+    version: BACKUP_VERSION,
+    createdAt: new Date().toISOString(),
+    config: safeRead(configFile),
+    policies: safeRead(policiesFile),
+    accessLog: safeRead(accessLogFile),
+  };
+
+  const plaintext = Buffer.from(JSON.stringify(data), 'utf8');
+
+  const salt = Buffer.alloc(sodium.crypto_pwhash_SALTBYTES);
+  sodium.randombytes_buf(salt);
+
+  const key = Buffer.alloc(sodium.crypto_secretbox_KEYBYTES);
+  sodium.crypto_pwhash(
+    key, Buffer.from(password, 'utf8'), salt,
+    sodium.crypto_pwhash_OPSLIMIT_MODERATE,
+    sodium.crypto_pwhash_MEMLIMIT_MODERATE,
+    sodium.crypto_pwhash_ALG_ARGON2ID13
+  );
+
+  const nonce = Buffer.alloc(sodium.crypto_secretbox_NONCEBYTES);
+  sodium.randombytes_buf(nonce);
+
+  const cipher = Buffer.alloc(plaintext.length + sodium.crypto_secretbox_MACBYTES);
+  sodium.crypto_secretbox_easy(cipher, plaintext, nonce, key);
+
+  const backup = {
+    palexplorer_backup: true,
+    version: BACKUP_VERSION,
+    salt: salt.toString('hex'),
+    nonce: nonce.toString('hex'),
+    data: cipher.toString('base64'),
+    createdAt: new Date().toISOString(),
+  };
+
+  return JSON.stringify(backup, null, 2);
+}
+
+export async function restoreBackup(backupJson, password) {
+  const backup = JSON.parse(backupJson);
+  if (!backup.palexplorer_backup) throw new Error('Invalid backup file');
+
+  const salt = Buffer.from(backup.salt, 'hex');
+  const nonce = Buffer.from(backup.nonce, 'hex');
+  const cipher = Buffer.from(backup.data, 'base64');
+
+  const key = Buffer.alloc(sodium.crypto_secretbox_KEYBYTES);
+  sodium.crypto_pwhash(
+    key, Buffer.from(password, 'utf8'), salt,
+    sodium.crypto_pwhash_OPSLIMIT_MODERATE,
+    sodium.crypto_pwhash_MEMLIMIT_MODERATE,
+    sodium.crypto_pwhash_ALG_ARGON2ID13
+  );
+
+  const plaintext = Buffer.alloc(cipher.length - sodium.crypto_secretbox_MACBYTES);
+  const ok = sodium.crypto_secretbox_open_easy(plaintext, cipher, nonce, key);
+  if (!ok) throw new Error('Wrong password or corrupted backup');
+
+  const data = JSON.parse(plaintext.toString('utf8'));
+
+  if (data.config) writeFileSync(join(CONFIG_DIR, 'config.json'), JSON.stringify(data.config, null, 2));
+  if (data.policies) writeFileSync(join(CONFIG_DIR, 'share-policies.json'), JSON.stringify(data.policies, null, 2));
+  if (data.accessLog) writeFileSync(join(CONFIG_DIR, 'access-log.json'), JSON.stringify(data.accessLog, null, 2));
+
+  return { restored: true, createdAt: data.createdAt };
+}
+
+function safeRead(path) {
+  try { return JSON.parse(readFileSync(path, 'utf8')); } catch { return null; }
+}

package/lib/core/billing.js

@@ -0,0 +1,336 @@
+import crypto from 'crypto';
+import os from 'os';
+import config from '../utils/config.js';
+import keytar from 'keytar';
+import { hooks } from './extensions.js';
+
+const KEYTAR_SERVICE = 'pal-billing';
+const KEYTAR_ACCOUNT = 'license-key';
+
+const LEMON_STORE_ID = process.env.PAL_LEMON_STORE_ID || 'not-configured';
+const LEMON_API_KEY = process.env.PAL_LEMON_API_KEY || '';
+
+const VARIANT_IDS = {
+  pro_monthly: process.env.PAL_LEMON_PRO_MONTHLY || 'not-configured-pro-monthly',
+  pro_annual: process.env.PAL_LEMON_PRO_ANNUAL || 'not-configured-pro-annual',
+  enterprise: process.env.PAL_LEMON_ENTERPRISE || 'not-configured-enterprise',
+};
+
+const STORE_SLUG = 'palexplorer';
+
+const REVALIDATION_INTERVAL_MS = 24 * 60 * 60 * 1000; // 24 hours
+const MAX_OFFLINE_DAYS = 7;
+const MAX_OFFLINE_MS = MAX_OFFLINE_DAYS * 24 * 60 * 60 * 1000;
+
+export const PLANS = {
+  free: {
+    name: 'Free', price: 0,
+    limits: {
+      maxShares: 5, maxRecipients: 3, maxGroups: 2, maxGroupMembers: 5,
+      maxCommentsPerShare: 5, maxFileSize: 2 * 1024 * 1024 * 1024,
+      apiKeys: 0, handles: 1, inbox: 200, favorites: 10,
+    },
+    features: {
+      remoteStreaming: false, watchParties: false, communityExtensions: false,
+      vfsMount: false, explorerMenu: false, autoSync: false, deltaSync: false,
+      batchTransfers: false, prioritySeeding: false, analytics90d: false,
+      encryptedBackup: false, priorityRelay: false, customThemes: false, vanityHandle: false,
+    },
+  },
+  pro_monthly: {
+    name: 'Pro', price: 2.99, interval: 'monthly',
+    limits: {
+      maxShares: Infinity, maxRecipients: Infinity, maxGroups: Infinity, maxGroupMembers: Infinity,
+      maxCommentsPerShare: Infinity, maxFileSize: Infinity,
+      apiKeys: 3, handles: 3, inbox: Infinity, favorites: Infinity,
+    },
+    features: {
+      remoteStreaming: true, watchParties: true, communityExtensions: true,
+      vfsMount: true, explorerMenu: true, autoSync: true, deltaSync: true,
+      batchTransfers: true, prioritySeeding: true, analytics90d: true,
+      encryptedBackup: true, priorityRelay: true, customThemes: true, vanityHandle: true,
+    },
+  },
+  pro_annual: {
+    name: 'Pro Annual', price: 29.99, interval: 'yearly',
+    limits: {
+      maxShares: Infinity, maxRecipients: Infinity, maxGroups: Infinity, maxGroupMembers: Infinity,
+      maxCommentsPerShare: Infinity, maxFileSize: Infinity,
+      apiKeys: 3, handles: 3, inbox: Infinity, favorites: Infinity,
+    },
+    features: {
+      remoteStreaming: true, watchParties: true, communityExtensions: true,
+      vfsMount: true, explorerMenu: true, autoSync: true, deltaSync: true,
+      batchTransfers: true, prioritySeeding: true, analytics90d: true,
+      encryptedBackup: true, priorityRelay: true, customThemes: true, vanityHandle: true,
+    },
+  },
+  enterprise: {
+    name: 'Enterprise', price: 9.99, interval: 'monthly', perSeat: true,
+    limits: {
+      maxShares: Infinity, maxRecipients: Infinity, maxGroups: Infinity, maxGroupMembers: Infinity,
+      maxCommentsPerShare: Infinity, maxFileSize: Infinity,
+      apiKeys: 50, handles: 10, inbox: Infinity, favorites: Infinity,
+    },
+    features: {
+      remoteStreaming: true, watchParties: true, communityExtensions: true,
+      vfsMount: true, explorerMenu: true, autoSync: true, deltaSync: true,
+      batchTransfers: true, prioritySeeding: true, analytics90d: true,
+      encryptedBackup: true, priorityRelay: true, customThemes: true, vanityHandle: true,
+      oauth: true, sso: true, auditExport: true, dlpPolicies: true,
+      retentionRules: true, brandedThemes: true, webhooks: true,
+      dedicatedRelay: true, prioritySupport: true,
+    },
+  },
+};
+
+function getBillingData() {
+  return config.get('billing') || null;
+}
+
+function setBillingData(data) {
+  config.set('billing', data);
+}
+
+function clearBillingData() {
+  config.delete('billing');
+}
+
+async function getStoredLicenseKey() {
+  try {
+    return await keytar.getPassword(KEYTAR_SERVICE, KEYTAR_ACCOUNT);
+  } catch {
+    return null;
+  }
+}
+
+function getConfigLicenseKey() {
+  const stored = config.get('billing_license_key');
+  if (!stored) return null;
+  if (typeof stored === 'string') return stored; // legacy plaintext
+  try {
+    const machineKey = crypto.createHash('sha256').update(`pe:billing:${os.hostname()}:${os.userInfo().username}`).digest();
+    const iv = Buffer.from(stored.iv, 'hex');
+    const tag = Buffer.from(stored.tag, 'hex');
+    const data = Buffer.from(stored.data, 'hex');
+    const decipher = crypto.createDecipheriv('aes-256-gcm', machineKey, iv);
+    decipher.setAuthTag(tag);
+    return Buffer.concat([decipher.update(data), decipher.final()]).toString('utf8');
+  } catch {
+    return null;
+  }
+}
+
+async function storeLicenseKey(key) {
+  try {
+    await keytar.setPassword(KEYTAR_SERVICE, KEYTAR_ACCOUNT, key);
+  } catch {
+    // keytar unavailable — encrypt with machine-derived key before storing
+    const machineKey = crypto.createHash('sha256').update(`pe:billing:${os.hostname()}:${os.userInfo().username}`).digest();
+    const iv = crypto.randomBytes(16);
+    const cipher = crypto.createCipheriv('aes-256-gcm', machineKey, iv);
+    const encrypted = Buffer.concat([cipher.update(key, 'utf8'), cipher.final()]);
+    const tag = cipher.getAuthTag();
+    config.set('billing_license_key', { iv: iv.toString('hex'), tag: tag.toString('hex'), data: encrypted.toString('hex') });
+  }
+}
+
+async function removeLicenseKey() {
+  try {
+    await keytar.deletePassword(KEYTAR_SERVICE, KEYTAR_ACCOUNT);
+  } catch {}
+  config.delete('billing_license_key');
+}
+
+export async function validateLicenseKey(key) {
+  const res = await fetch('https://api.lemonsqueezy.com/v1/licenses/validate', {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json', Accept: 'application/json' },
+    body: JSON.stringify({ license_key: key }),
+  });
+  if (!res.ok) {
+    const text = await res.text();
+    throw new Error(`License validation failed: ${res.status} ${text}`);
+  }
+  return res.json();
+}
+
+export async function activateLicenseKey(key) {
+  const res = await fetch('https://api.lemonsqueezy.com/v1/licenses/activate', {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json', Accept: 'application/json' },
+    body: JSON.stringify({ license_key: key, instance_name: `palexplorer-${Date.now()}` }),
+  });
+  if (!res.ok) {
+    const text = await res.text();
+    throw new Error(`License activation failed: ${res.status} ${text}`);
+  }
+  const data = await res.json();
+
+  if (!data.activated && !data.valid) {
+    throw new Error(data.error || 'License activation failed');
+  }
+
+  const meta = data.meta || {};
+  const variantId = String(meta.variant_id || '');
+  let planKey = 'pro_monthly';
+  if (variantId === VARIANT_IDS.pro_annual) planKey = 'pro_annual';
+  else if (variantId === VARIANT_IDS.enterprise) planKey = 'enterprise';
+  else if (variantId === VARIANT_IDS.pro_monthly) planKey = 'pro_monthly';
+
+  const expiresAt = meta.expires_at || null;
+
+  await storeLicenseKey(key);
+  const now = new Date().toISOString();
+  const billing = {
+    plan: planKey,
+    licenseKey: key.slice(0, 8) + '...',
+    activatedAt: now,
+    lastValidated: now,
+    expiresAt,
+    instanceId: data.instance?.id || null,
+    customerEmail: meta.customer_email || null,
+  };
+  setBillingData(billing);
+
+  hooks.emit('after:billing:upgrade', { plan: planKey }).catch(() => {});
+
+  return { plan: planKey, expiresAt, billing };
+}
+
+export async function deactivateLicenseKey() {
+  const key = await getStoredLicenseKey() || getConfigLicenseKey();
+  const billing = getBillingData();
+
+  if (key && billing?.instanceId) {
+    try {
+      await fetch('https://api.lemonsqueezy.com/v1/licenses/deactivate', {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json', Accept: 'application/json' },
+        body: JSON.stringify({ license_key: key, instance_id: billing.instanceId }),
+      });
+    } catch {
+      // Best-effort deactivation
+    }
+  }
+
+  await removeLicenseKey();
+  clearBillingData();
+  config.delete('proEntitlement');
+  return { success: true };
+}
+
+function shouldRevalidate() {
+  const billing = getBillingData();
+  if (!billing || billing.plan === 'free' || !billing.plan) return false;
+  if (!billing.lastValidated) return true;
+  const elapsed = Date.now() - new Date(billing.lastValidated).getTime();
+  return elapsed >= REVALIDATION_INTERVAL_MS;
+}
+
+async function revalidateLicense() {
+  const billing = getBillingData();
+  if (!billing || !billing.plan || billing.plan === 'free') return;
+
+  const key = await getStoredLicenseKey() || getConfigLicenseKey();
+  if (!key) {
+    downgradeToFree('no_license_key');
+    return;
+  }
+
+  try {
+    const result = await validateLicenseKey(key);
+    if (!result.valid) {
+      downgradeToFree('license_invalid');
+      return;
+    }
+    billing.lastValidated = new Date().toISOString();
+    setBillingData(billing);
+  } catch {
+    // Offline — check max offline period
+    if (billing.lastValidated) {
+      const elapsed = Date.now() - new Date(billing.lastValidated).getTime();
+      if (elapsed >= MAX_OFFLINE_MS) {
+        downgradeToFree('offline_expired');
+      }
+    }
+    // If no lastValidated but has billing, allow a grace period from activation
+    else if (billing.activatedAt) {
+      const elapsed = Date.now() - new Date(billing.activatedAt).getTime();
+      if (elapsed >= MAX_OFFLINE_MS) {
+        downgradeToFree('offline_expired');
+      }
+    }
+  }
+}
+
+function downgradeToFree(reason) {
+  clearBillingData();
+  config.delete('proEntitlement');
+  hooks.emit('after:billing:downgrade', { reason }).catch(() => {});
+}
+
+let _revalidationPromise = null;
+
+export function getActivePlan() {
+  const billing = getBillingData();
+  if (!billing) {
+    return { key: 'free', ...PLANS.free, expiresAt: null, source: 'none' };
+  }
+
+  if (billing.expiresAt && new Date(billing.expiresAt) < new Date()) {
+    return { key: 'free', ...PLANS.free, expiresAt: null, source: 'expired' };
+  }
+
+  // Trigger non-blocking revalidation if needed
+  if (shouldRevalidate() && !_revalidationPromise) {
+    _revalidationPromise = revalidateLicense().finally(() => { _revalidationPromise = null; });
+  }
+
+  const planKey = billing.plan || 'pro_monthly';
+  const plan = PLANS[planKey] || PLANS.pro_monthly;
+  return {
+    key: planKey,
+    ...plan,
+    expiresAt: billing.expiresAt,
+    source: 'license',
+    customerEmail: billing.customerEmail || null,
+  };
+}
+
+export function getFeature(featureName) {
+  const plan = getActivePlan();
+  return !!plan.features[featureName];
+}
+
+export function checkFeature(featureName) {
+  if (!getFeature(featureName)) {
+    throw new Error(`${featureName} requires a Pro subscription. Upgrade at https://palexplorer.com/pro`);
+  }
+}
+
+export function getPlanLimits() {
+  return getActivePlan().limits;
+}
+
+export function getCheckoutUrl(plan, publicKey) {
+  const variantId = VARIANT_IDS[plan];
+  if (!variantId) throw new Error(`Unknown plan: ${plan}. Available: ${Object.keys(VARIANT_IDS).join(', ')}`);
+  let url = `https://${STORE_SLUG}.lemonsqueezy.com/checkout/buy/${variantId}`;
+  if (publicKey) {
+    url += `?checkout[custom][public_key]=${encodeURIComponent(publicKey)}`;
+  }
+  return url;
+}
+
+export function verifyWebhookSignature(payload, signature, secret) {
+  const hmac = crypto.createHmac('sha256', secret);
+  hmac.update(payload);
+  const digest = hmac.digest('hex');
+  if (digest.length !== signature.length) return false;
+  try {
+    return crypto.timingSafeEqual(Buffer.from(digest, 'hex'), Buffer.from(signature, 'hex'));
+  } catch {
+    return false;
+  }
+}