vibecarbon 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (495) hide show
  1. package/LICENSE +663 -0
  2. package/README.md +188 -0
  3. package/carbon/.claude/hooks/task-completed-gate.sh +19 -0
  4. package/carbon/.claude/hooks/teammate-idle-gate.sh +29 -0
  5. package/carbon/.claude/settings.json +29 -0
  6. package/carbon/.cursor/rules/vibecarbon.mdc +6 -0
  7. package/carbon/.dockerignore +57 -0
  8. package/carbon/.env.example +219 -0
  9. package/carbon/.github/copilot-instructions.md +3 -0
  10. package/carbon/.github/workflows/deploy.yml +346 -0
  11. package/carbon/.github/workflows/vibecarbon-build.yml +81 -0
  12. package/carbon/.windsurfrules +74 -0
  13. package/carbon/AGENTS.md +422 -0
  14. package/carbon/CLAUDE.md +3 -0
  15. package/carbon/DEVELOPMENT.md +187 -0
  16. package/carbon/Dockerfile +98 -0
  17. package/carbon/LICENSE +21 -0
  18. package/carbon/PRODUCTION.md +364 -0
  19. package/carbon/README.md +193 -0
  20. package/carbon/TESTING.md +138 -0
  21. package/carbon/backup/Dockerfile +75 -0
  22. package/carbon/backup/backup.sh +95 -0
  23. package/carbon/backup/compose-backup.sh +140 -0
  24. package/carbon/biome.json +83 -0
  25. package/carbon/cloud-init/docker-ce-setup.yaml +55 -0
  26. package/carbon/cloud-init/k3s/master-init.sh +215 -0
  27. package/carbon/cloud-init/k3s/supabase-init.sh +167 -0
  28. package/carbon/cloud-init/k3s/worker-init.sh +147 -0
  29. package/carbon/components.json +24 -0
  30. package/carbon/content/blog/authentication-guide.mdx +34 -0
  31. package/carbon/content/blog/getting-started.mdx +41 -0
  32. package/carbon/content/changelog/v0-1-0.mdx +40 -0
  33. package/carbon/content/docs/analytics.mdx +90 -0
  34. package/carbon/content/docs/authentication.mdx +231 -0
  35. package/carbon/content/docs/background-jobs.mdx +116 -0
  36. package/carbon/content/docs/cli.mdx +630 -0
  37. package/carbon/content/docs/database.mdx +236 -0
  38. package/carbon/content/docs/deployment.mdx +227 -0
  39. package/carbon/content/docs/development.mdx +238 -0
  40. package/carbon/content/docs/environments.mdx +84 -0
  41. package/carbon/content/docs/getting-started.mdx +112 -0
  42. package/carbon/content/docs/legal/privacy-policy.mdx +89 -0
  43. package/carbon/content/docs/legal/terms-of-service.mdx +99 -0
  44. package/carbon/content/docs/optional-services.mdx +160 -0
  45. package/carbon/db/Dockerfile +23 -0
  46. package/carbon/docker-compose.dev-init.yml +5 -0
  47. package/carbon/docker-compose.metabase.override.yml +14 -0
  48. package/carbon/docker-compose.metabase.prod.yml +28 -0
  49. package/carbon/docker-compose.metabase.yml +84 -0
  50. package/carbon/docker-compose.n8n.override.yml +14 -0
  51. package/carbon/docker-compose.n8n.prod.yml +31 -0
  52. package/carbon/docker-compose.n8n.yml +97 -0
  53. package/carbon/docker-compose.observability.override.yml +18 -0
  54. package/carbon/docker-compose.observability.prod.yml +28 -0
  55. package/carbon/docker-compose.observability.yml +125 -0
  56. package/carbon/docker-compose.override.yml +28 -0
  57. package/carbon/docker-compose.prod.yml +294 -0
  58. package/carbon/docker-compose.yml +508 -0
  59. package/carbon/docker-entrypoint.sh +12 -0
  60. package/carbon/ha/activate-standby.sh +52 -0
  61. package/carbon/ha/primary-init.sql +36 -0
  62. package/carbon/ha/standby-init.sh +74 -0
  63. package/carbon/k8s/LICENSE +99 -0
  64. package/carbon/k8s/README.md +272 -0
  65. package/carbon/k8s/base/app/deployment.yaml +130 -0
  66. package/carbon/k8s/base/app/hpa.yaml +44 -0
  67. package/carbon/k8s/base/app/kustomization.yaml +10 -0
  68. package/carbon/k8s/base/app/network-policy.yaml +124 -0
  69. package/carbon/k8s/base/app/pdb.yaml +14 -0
  70. package/carbon/k8s/base/app/rbac.yaml +36 -0
  71. package/carbon/k8s/base/app/service.yaml +16 -0
  72. package/carbon/k8s/base/backup/cronjob.yaml +120 -0
  73. package/carbon/k8s/base/backup/kustomization.yaml +7 -0
  74. package/carbon/k8s/base/backup/network-policy.yaml +31 -0
  75. package/carbon/k8s/base/backup/rbac.yaml +7 -0
  76. package/carbon/k8s/base/cluster-autoscaler/deployment.yaml +103 -0
  77. package/carbon/k8s/base/cluster-autoscaler/kustomization.yaml +17 -0
  78. package/carbon/k8s/base/cluster-autoscaler/rbac.yaml +109 -0
  79. package/carbon/k8s/base/config/configmap.yaml +48 -0
  80. package/carbon/k8s/base/config/kustomization.yaml +8 -0
  81. package/carbon/k8s/base/hetzner-ccm/kustomization.yaml +9 -0
  82. package/carbon/k8s/base/hetzner-csi/kustomization.yaml +9 -0
  83. package/carbon/k8s/base/kustomization.yaml +43 -0
  84. package/carbon/k8s/base/namespace.yaml +7 -0
  85. package/carbon/k8s/base/network-policies.yaml +95 -0
  86. package/carbon/k8s/base/registry/kustomization.yaml +5 -0
  87. package/carbon/k8s/base/registry/local-registry.yaml +193 -0
  88. package/carbon/k8s/base/traefik/certificate.yaml +21 -0
  89. package/carbon/k8s/base/traefik/configmap.yaml +13 -0
  90. package/carbon/k8s/base/traefik/deployment.yaml +165 -0
  91. package/carbon/k8s/base/traefik/ingressroute.yaml +141 -0
  92. package/carbon/k8s/base/traefik/kustomization.yaml +11 -0
  93. package/carbon/k8s/base/traefik/middleware.yaml +109 -0
  94. package/carbon/k8s/base/traefik/network-policy.yaml +92 -0
  95. package/carbon/k8s/base/traefik/service.yaml +38 -0
  96. package/carbon/k8s/flux/README.md +49 -0
  97. package/carbon/k8s/flux/clusters/primary/vibecarbon.yaml +128 -0
  98. package/carbon/k8s/flux/clusters/standby/vibecarbon.yaml +83 -0
  99. package/carbon/k8s/gitops/cert-manager-webhook-hetzner/helm-release.yaml +38 -0
  100. package/carbon/k8s/gitops/cert-manager-webhook-hetzner/helm-repository.yaml +16 -0
  101. package/carbon/k8s/gitops/cert-manager-webhook-hetzner/kustomization.yaml +10 -0
  102. package/carbon/k8s/gitops/supabase/helm-release.yaml +66 -0
  103. package/carbon/k8s/gitops/supabase/helm-repository.yaml +18 -0
  104. package/carbon/k8s/gitops/supabase/kustomization.yaml +33 -0
  105. package/carbon/k8s/infra/cert-manager-resources/cluster-issuers-cloudflare.yaml +51 -0
  106. package/carbon/k8s/infra/cert-manager-resources/cluster-issuers-hetzner.yaml +59 -0
  107. package/carbon/k8s/infra/cert-manager-resources/cluster-issuers-manual.yaml +43 -0
  108. package/carbon/k8s/infra/cert-manager-resources/kustomization.yaml +15 -0
  109. package/carbon/k8s/infra/kustomization.yaml +21 -0
  110. package/carbon/k8s/infra/traefik-crds/kustomization.yaml +10 -0
  111. package/carbon/k8s/overlays/local/configmap.yaml +23 -0
  112. package/carbon/k8s/overlays/local/ingressroute-studio.yaml +104 -0
  113. package/carbon/k8s/overlays/local/kustomization.yaml +215 -0
  114. package/carbon/k8s/overlays/local/namespace.yaml +8 -0
  115. package/carbon/k8s/overlays/local/secrets.yaml +32 -0
  116. package/carbon/k8s/overlays/production/kustomization.yaml +34 -0
  117. package/carbon/k8s/test-local.sh +318 -0
  118. package/carbon/k8s/values/supabase.values.yaml +133 -0
  119. package/carbon/package.json +154 -0
  120. package/carbon/runtime.Dockerfile +17 -0
  121. package/carbon/scripts/_dev-jwt.mjs +45 -0
  122. package/carbon/scripts/check-rls.ts +53 -0
  123. package/carbon/scripts/dev-init.js +191 -0
  124. package/carbon/scripts/dev.js +191 -0
  125. package/carbon/scripts/docker-down.js +63 -0
  126. package/carbon/scripts/docker-logs.js +59 -0
  127. package/carbon/scripts/docker-up.js +222 -0
  128. package/carbon/scripts/generate-dev-configs.sh +131 -0
  129. package/carbon/scripts/generate-rss.ts +116 -0
  130. package/carbon/scripts/generate-sitemap.ts +102 -0
  131. package/carbon/scripts/k8s-apply.js +71 -0
  132. package/carbon/scripts/k8s-delete.js +75 -0
  133. package/carbon/scripts/lib/manifest.js +176 -0
  134. package/carbon/scripts/secret-scan.mjs +278 -0
  135. package/carbon/scripts/validate-dev-configs.sh +101 -0
  136. package/carbon/src/client/App.tsx +202 -0
  137. package/carbon/src/client/assets/hyperformant-dark.svg +29 -0
  138. package/carbon/src/client/assets/hyperformant-light.svg +29 -0
  139. package/carbon/src/client/assets/logos/aider.svg +1 -0
  140. package/carbon/src/client/assets/logos/antigravity.svg +1 -0
  141. package/carbon/src/client/assets/logos/bolt.svg +1 -0
  142. package/carbon/src/client/assets/logos/claude-code.svg +1 -0
  143. package/carbon/src/client/assets/logos/copilot.svg +1 -0
  144. package/carbon/src/client/assets/logos/cursor.svg +1 -0
  145. package/carbon/src/client/assets/logos/gemini-cli.svg +1 -0
  146. package/carbon/src/client/assets/logos/lovable.svg +1 -0
  147. package/carbon/src/client/assets/logos/openai-codex.svg +1 -0
  148. package/carbon/src/client/assets/logos/v0.svg +1 -0
  149. package/carbon/src/client/assets/logos/windsurf.svg +1 -0
  150. package/carbon/src/client/assets/vibecarbon-icon.svg +19 -0
  151. package/carbon/src/client/assets/vibecarbon-logo-dark.svg +29 -0
  152. package/carbon/src/client/assets/vibecarbon-logo-light.svg +29 -0
  153. package/carbon/src/client/components/AIIntegrationSection.tsx +120 -0
  154. package/carbon/src/client/components/AppSidebar.tsx +760 -0
  155. package/carbon/src/client/components/ArchitectureSection.tsx +46 -0
  156. package/carbon/src/client/components/CTAFooter.tsx +59 -0
  157. package/carbon/src/client/components/ComparisonSection.tsx +132 -0
  158. package/carbon/src/client/components/ContentPanel.tsx +66 -0
  159. package/carbon/src/client/components/ContentSkeleton.tsx +21 -0
  160. package/carbon/src/client/components/ErrorBoundary.tsx +46 -0
  161. package/carbon/src/client/components/FAQSection.tsx +76 -0
  162. package/carbon/src/client/components/FileUpload.tsx +210 -0
  163. package/carbon/src/client/components/HeaderActions.tsx +17 -0
  164. package/carbon/src/client/components/Hero.tsx +608 -0
  165. package/carbon/src/client/components/ImpersonationBanner.tsx +31 -0
  166. package/carbon/src/client/components/LanguageSwitcher.tsx +67 -0
  167. package/carbon/src/client/components/Logo.tsx +87 -0
  168. package/carbon/src/client/components/LogoStrip.tsx +76 -0
  169. package/carbon/src/client/components/MetricsStrip.tsx +48 -0
  170. package/carbon/src/client/components/Nav.tsx +195 -0
  171. package/carbon/src/client/components/NewsletterSignup.tsx +147 -0
  172. package/carbon/src/client/components/NotificationDrawer.tsx +171 -0
  173. package/carbon/src/client/components/PageHeader.tsx +24 -0
  174. package/carbon/src/client/components/PlanGate.tsx +36 -0
  175. package/carbon/src/client/components/PricingSection.tsx +371 -0
  176. package/carbon/src/client/components/SEO.tsx +34 -0
  177. package/carbon/src/client/components/SmoothScroll.tsx +45 -0
  178. package/carbon/src/client/components/TechStackSection.tsx +165 -0
  179. package/carbon/src/client/components/WorkflowSection.tsx +604 -0
  180. package/carbon/src/client/components/admin/DockerLogs.tsx +276 -0
  181. package/carbon/src/client/components/admin/PerformanceMetrics.tsx +230 -0
  182. package/carbon/src/client/components/admin/ServiceCard.tsx +45 -0
  183. package/carbon/src/client/components/admin/ServicesStatus.tsx +296 -0
  184. package/carbon/src/client/components/architecture/ArchitectureDiagram.tsx +413 -0
  185. package/carbon/src/client/components/auth/AuthProvider.tsx +466 -0
  186. package/carbon/src/client/components/effects/FilmGrainOverlay.tsx +35 -0
  187. package/carbon/src/client/components/effects/FresnelEdge.tsx +49 -0
  188. package/carbon/src/client/components/effects/GlowTracker.tsx +46 -0
  189. package/carbon/src/client/components/effects/SparkBurst.tsx +145 -0
  190. package/carbon/src/client/components/effects/VGlowEffect.tsx +83 -0
  191. package/carbon/src/client/components/effects/index.ts +2 -0
  192. package/carbon/src/client/components/layouts/SidebarLayout.tsx +20 -0
  193. package/carbon/src/client/components/scroll/ScrollSection.tsx +76 -0
  194. package/carbon/src/client/components/scroll/ScrollytellingProvider.tsx +81 -0
  195. package/carbon/src/client/components/scroll/index.ts +2 -0
  196. package/carbon/src/client/components/ui/accordion.tsx +71 -0
  197. package/carbon/src/client/components/ui/alert-dialog.tsx +162 -0
  198. package/carbon/src/client/components/ui/alert.tsx +73 -0
  199. package/carbon/src/client/components/ui/aspect-ratio.tsx +22 -0
  200. package/carbon/src/client/components/ui/avatar.tsx +91 -0
  201. package/carbon/src/client/components/ui/badge.tsx +50 -0
  202. package/carbon/src/client/components/ui/breadcrumb.tsx +100 -0
  203. package/carbon/src/client/components/ui/button-group.tsx +78 -0
  204. package/carbon/src/client/components/ui/button.tsx +120 -0
  205. package/carbon/src/client/components/ui/calendar.tsx +182 -0
  206. package/carbon/src/client/components/ui/card.tsx +85 -0
  207. package/carbon/src/client/components/ui/carousel.tsx +227 -0
  208. package/carbon/src/client/components/ui/chart.tsx +357 -0
  209. package/carbon/src/client/components/ui/checkbox.tsx +27 -0
  210. package/carbon/src/client/components/ui/collapsible.tsx +15 -0
  211. package/carbon/src/client/components/ui/command.tsx +178 -0
  212. package/carbon/src/client/components/ui/context-menu.tsx +233 -0
  213. package/carbon/src/client/components/ui/dialog.tsx +132 -0
  214. package/carbon/src/client/components/ui/drawer.tsx +118 -0
  215. package/carbon/src/client/components/ui/dropdown-menu.tsx +242 -0
  216. package/carbon/src/client/components/ui/empty.tsx +94 -0
  217. package/carbon/src/client/components/ui/field.tsx +226 -0
  218. package/carbon/src/client/components/ui/hover-card.tsx +44 -0
  219. package/carbon/src/client/components/ui/input-group.tsx +146 -0
  220. package/carbon/src/client/components/ui/input-otp.tsx +83 -0
  221. package/carbon/src/client/components/ui/input.tsx +20 -0
  222. package/carbon/src/client/components/ui/item.tsx +188 -0
  223. package/carbon/src/client/components/ui/kbd.tsx +26 -0
  224. package/carbon/src/client/components/ui/label.tsx +21 -0
  225. package/carbon/src/client/components/ui/menubar.tsx +250 -0
  226. package/carbon/src/client/components/ui/navigation-menu.tsx +155 -0
  227. package/carbon/src/client/components/ui/pagination.tsx +102 -0
  228. package/carbon/src/client/components/ui/popover.tsx +75 -0
  229. package/carbon/src/client/components/ui/progress.tsx +66 -0
  230. package/carbon/src/client/components/ui/radio-group.tsx +36 -0
  231. package/carbon/src/client/components/ui/resizable.tsx +46 -0
  232. package/carbon/src/client/components/ui/scroll-area.tsx +48 -0
  233. package/carbon/src/client/components/ui/select.tsx +186 -0
  234. package/carbon/src/client/components/ui/separator.tsx +21 -0
  235. package/carbon/src/client/components/ui/sheet.tsx +124 -0
  236. package/carbon/src/client/components/ui/sidebar.tsx +702 -0
  237. package/carbon/src/client/components/ui/skeleton.tsx +13 -0
  238. package/carbon/src/client/components/ui/slider.tsx +57 -0
  239. package/carbon/src/client/components/ui/sonner.tsx +45 -0
  240. package/carbon/src/client/components/ui/spinner.tsx +15 -0
  241. package/carbon/src/client/components/ui/switch.tsx +30 -0
  242. package/carbon/src/client/components/ui/table.tsx +89 -0
  243. package/carbon/src/client/components/ui/tabs.tsx +73 -0
  244. package/carbon/src/client/components/ui/textarea.tsx +18 -0
  245. package/carbon/src/client/components/ui/toggle-group.tsx +87 -0
  246. package/carbon/src/client/components/ui/toggle.tsx +44 -0
  247. package/carbon/src/client/components/ui/tooltip.tsx +56 -0
  248. package/carbon/src/client/hooks/api/index.ts +14 -0
  249. package/carbon/src/client/hooks/api/useAuthSettings.ts +80 -0
  250. package/carbon/src/client/hooks/api/useSubscription.ts +87 -0
  251. package/carbon/src/client/hooks/use-mobile.ts +21 -0
  252. package/carbon/src/client/hooks/useMousePosition.ts +91 -0
  253. package/carbon/src/client/hooks/useNotifications.tsx +124 -0
  254. package/carbon/src/client/hooks/useOrganizationMembers.ts +127 -0
  255. package/carbon/src/client/hooks/useOrganizations.tsx +230 -0
  256. package/carbon/src/client/hooks/usePackageManager.ts +69 -0
  257. package/carbon/src/client/hooks/useReducedMotion.ts +20 -0
  258. package/carbon/src/client/hooks/useRunningServices.ts +114 -0
  259. package/carbon/src/client/hooks/useScrollProgress.ts +56 -0
  260. package/carbon/src/client/index.css +467 -0
  261. package/carbon/src/client/index.html +56 -0
  262. package/carbon/src/client/lib/admin-services.ts +151 -0
  263. package/carbon/src/client/lib/api.ts +32 -0
  264. package/carbon/src/client/lib/blog.ts +35 -0
  265. package/carbon/src/client/lib/changelog.ts +33 -0
  266. package/carbon/src/client/lib/docs-search.ts +101 -0
  267. package/carbon/src/client/lib/docs.ts +37 -0
  268. package/carbon/src/client/lib/i18n.ts +32 -0
  269. package/carbon/src/client/lib/supabase.ts +72 -0
  270. package/carbon/src/client/lib/tailwind-colors.ts +357 -0
  271. package/carbon/src/client/lib/theme.ts +117 -0
  272. package/carbon/src/client/lib/utils.ts +22 -0
  273. package/carbon/src/client/locales/de.json +529 -0
  274. package/carbon/src/client/locales/en.json +461 -0
  275. package/carbon/src/client/locales/es.json +529 -0
  276. package/carbon/src/client/locales/fr.json +529 -0
  277. package/carbon/src/client/locales/pt.json +529 -0
  278. package/carbon/src/client/main.tsx +56 -0
  279. package/carbon/src/client/mdx.d.ts +13 -0
  280. package/carbon/src/client/pages/ApiDocs.tsx +76 -0
  281. package/carbon/src/client/pages/AuthCallback.tsx +34 -0
  282. package/carbon/src/client/pages/Blog.tsx +167 -0
  283. package/carbon/src/client/pages/Changelog.tsx +171 -0
  284. package/carbon/src/client/pages/Charts.tsx +388 -0
  285. package/carbon/src/client/pages/Checkout.tsx +227 -0
  286. package/carbon/src/client/pages/Contact.tsx +174 -0
  287. package/carbon/src/client/pages/Dashboard.tsx +368 -0
  288. package/carbon/src/client/pages/Docs.tsx +372 -0
  289. package/carbon/src/client/pages/ForgotPassword.tsx +111 -0
  290. package/carbon/src/client/pages/Home.tsx +187 -0
  291. package/carbon/src/client/pages/Legal.tsx +100 -0
  292. package/carbon/src/client/pages/Login.tsx +408 -0
  293. package/carbon/src/client/pages/MFAVerify.tsx +156 -0
  294. package/carbon/src/client/pages/NotFound.tsx +21 -0
  295. package/carbon/src/client/pages/Onboarding.tsx +246 -0
  296. package/carbon/src/client/pages/ResetPassword.tsx +200 -0
  297. package/carbon/src/client/pages/UIComponents.tsx +390 -0
  298. package/carbon/src/client/pages/admin/ContactSubmissions.tsx +220 -0
  299. package/carbon/src/client/pages/admin/Dashboard.tsx +24 -0
  300. package/carbon/src/client/pages/admin/Infrastructure.tsx +257 -0
  301. package/carbon/src/client/pages/admin/Jobs.tsx +225 -0
  302. package/carbon/src/client/pages/admin/Logs.tsx +18 -0
  303. package/carbon/src/client/pages/admin/Newsletter.tsx +300 -0
  304. package/carbon/src/client/pages/admin/Notifications.tsx +603 -0
  305. package/carbon/src/client/pages/admin/Organizations.tsx +306 -0
  306. package/carbon/src/client/pages/admin/Settings.tsx +314 -0
  307. package/carbon/src/client/pages/admin/Theme.tsx +465 -0
  308. package/carbon/src/client/pages/admin/Users.tsx +365 -0
  309. package/carbon/src/client/pages/api-docs.css +156 -0
  310. package/carbon/src/client/pages/organizations/Details.tsx +200 -0
  311. package/carbon/src/client/pages/organizations/Members.tsx +402 -0
  312. package/carbon/src/client/pages/settings/Billing.tsx +473 -0
  313. package/carbon/src/client/pages/settings/Profile.tsx +160 -0
  314. package/carbon/src/client/pages/settings/Security.tsx +341 -0
  315. package/carbon/src/client/public/favicon.svg +19 -0
  316. package/carbon/src/client/public/robots.txt +8 -0
  317. package/carbon/src/server/billing/index.ts +104 -0
  318. package/carbon/src/server/billing/provider.ts +81 -0
  319. package/carbon/src/server/billing/providers/paddle.ts +314 -0
  320. package/carbon/src/server/billing/providers/polar.ts +325 -0
  321. package/carbon/src/server/billing/providers/stripe.ts +233 -0
  322. package/carbon/src/server/emails/templates.ts +116 -0
  323. package/carbon/src/server/index.ts +554 -0
  324. package/carbon/src/server/lib/auth.ts +6 -0
  325. package/carbon/src/server/lib/email.ts +64 -0
  326. package/carbon/src/server/lib/env.ts +112 -0
  327. package/carbon/src/server/lib/errors.ts +21 -0
  328. package/carbon/src/server/lib/logger.ts +17 -0
  329. package/carbon/src/server/lib/rate-limiter.ts +288 -0
  330. package/carbon/src/server/lib/request.ts +34 -0
  331. package/carbon/src/server/lib/stripe.ts +42 -0
  332. package/carbon/src/server/lib/supabase.ts +65 -0
  333. package/carbon/src/server/middleware/requirePlan.ts +80 -0
  334. package/carbon/src/server/routes/_internal/services-status.ts +958 -0
  335. package/carbon/src/server/routes/_internal/verify-role.ts +185 -0
  336. package/carbon/src/server/routes/health.ts +48 -0
  337. package/carbon/src/server/routes/v1/admin/contact.ts +128 -0
  338. package/carbon/src/server/routes/v1/admin/jobs.ts +171 -0
  339. package/carbon/src/server/routes/v1/admin/newsletter.ts +237 -0
  340. package/carbon/src/server/routes/v1/auth.ts +390 -0
  341. package/carbon/src/server/routes/v1/billing.ts +718 -0
  342. package/carbon/src/server/routes/v1/contact.ts +93 -0
  343. package/carbon/src/server/routes/v1/index.ts +1333 -0
  344. package/carbon/src/server/routes/v1/newsletter.ts +181 -0
  345. package/carbon/src/server/routes/v1/performance.ts +157 -0
  346. package/carbon/src/server/routes/v1/stats.ts +170 -0
  347. package/carbon/src/server/routes/v1/theme.ts +106 -0
  348. package/carbon/src/server/routes/webhooks/billing.ts +376 -0
  349. package/carbon/src/server/routes/webhooks/stripe.ts +276 -0
  350. package/carbon/src/server/types.ts +11 -0
  351. package/carbon/src/shared/pricing.ts +155 -0
  352. package/carbon/src/shared/types.ts +338 -0
  353. package/carbon/supabase/migrations/00001_init.sql +717 -0
  354. package/carbon/supabase/migrations/00002_theme_settings.sql +13 -0
  355. package/carbon/supabase/migrations/00003_pg_cron.sql +121 -0
  356. package/carbon/supabase/migrations/00004_contact_newsletter.sql +81 -0
  357. package/carbon/supabase/migrations/00005_localization_languages.sql +22 -0
  358. package/carbon/supabase/seed.sql +16 -0
  359. package/carbon/tests/_helpers/app.ts +45 -0
  360. package/carbon/tests/_helpers/env.ts +37 -0
  361. package/carbon/tests/_helpers/factories.ts +69 -0
  362. package/carbon/tests/_helpers/jwt.ts +23 -0
  363. package/carbon/tests/_helpers/setup-integration.ts +20 -0
  364. package/carbon/tests/_helpers/setup-rtl.ts +12 -0
  365. package/carbon/tests/component/ErrorBoundary.test.tsx +53 -0
  366. package/carbon/tests/component/use-auth-settings.test.tsx +119 -0
  367. package/carbon/tests/integration/server/routes/contact.test.ts +162 -0
  368. package/carbon/tests/integration/server/routes/health.test.ts +61 -0
  369. package/carbon/tests/structural/i18n-parity.test.ts +42 -0
  370. package/carbon/tests/unit/client/utils.test.ts +49 -0
  371. package/carbon/tests/unit/shared/pricing.test.ts +93 -0
  372. package/carbon/tsconfig.json +27 -0
  373. package/carbon/tsconfig.server.json +27 -0
  374. package/carbon/tsconfig.test.json +9 -0
  375. package/carbon/vite.config.ts +110 -0
  376. package/carbon/vitest.config.ts +74 -0
  377. package/carbon/volumes/db/jwt.sql +57 -0
  378. package/carbon/volumes/db/metabase-init.sh +29 -0
  379. package/carbon/volumes/db/n8n-init.sh +25 -0
  380. package/carbon/volumes/db/realtime.sql +33 -0
  381. package/carbon/volumes/db/roles.sql +93 -0
  382. package/carbon/volumes/db/set-passwords.sh +12 -0
  383. package/carbon/volumes/db/super-admin.dev.sql +113 -0
  384. package/carbon/volumes/db/super-admin.generated.sql +113 -0
  385. package/carbon/volumes/db/super-admin.sql +114 -0
  386. package/carbon/volumes/grafana/dashboards/logs.json +179 -0
  387. package/carbon/volumes/grafana/dashboards/overview.json +523 -0
  388. package/carbon/volumes/grafana/dashboards/postgresql.json +337 -0
  389. package/carbon/volumes/grafana/dashboards.dev/logs.json +179 -0
  390. package/carbon/volumes/grafana/dashboards.dev/overview.json +156 -0
  391. package/carbon/volumes/grafana/dashboards.dev/postgresql.json +337 -0
  392. package/carbon/volumes/grafana/provisioning/dashboards/dashboards.dev.yml +16 -0
  393. package/carbon/volumes/grafana/provisioning/dashboards/dashboards.yml +16 -0
  394. package/carbon/volumes/grafana/provisioning/datasources/datasources.yml +43 -0
  395. package/carbon/volumes/kong/docker-entrypoint.sh +9 -0
  396. package/carbon/volumes/kong/kong.yml +208 -0
  397. package/carbon/volumes/loki/loki-config.yml +58 -0
  398. package/carbon/volumes/n8n/hooks.js +131 -0
  399. package/carbon/volumes/n8n/scripts/setup.sh +66 -0
  400. package/carbon/volumes/prometheus/prometheus.yml +43 -0
  401. package/carbon/volumes/promtail/promtail-config.yml +64 -0
  402. package/carbon/volumes/traefik/middlewares.dev.yml +83 -0
  403. package/carbon/volumes/traefik/middlewares.yml +95 -0
  404. package/carbon/volumes/traefik/vite-dev.yml +20 -0
  405. package/package.json +95 -0
  406. package/src/access.js +354 -0
  407. package/src/activate.js +187 -0
  408. package/src/add.js +718 -0
  409. package/src/backup.js +786 -0
  410. package/src/cli.js +350 -0
  411. package/src/configure.js +967 -0
  412. package/src/console.js +155 -0
  413. package/src/create.js +1499 -0
  414. package/src/deploy.js +311 -0
  415. package/src/destroy.js +2033 -0
  416. package/src/diagnose.js +735 -0
  417. package/src/down.js +80 -0
  418. package/src/failover.js +1032 -0
  419. package/src/lib/backup-s3.js +179 -0
  420. package/src/lib/build.js +33 -0
  421. package/src/lib/checksum.js +28 -0
  422. package/src/lib/ci-setup.js +666 -0
  423. package/src/lib/cli/help.js +129 -0
  424. package/src/lib/cli/parse-flags.js +160 -0
  425. package/src/lib/cli/select-action.js +65 -0
  426. package/src/lib/cli/select-environment.js +108 -0
  427. package/src/lib/cli/tty-guard.js +75 -0
  428. package/src/lib/cloudflare.js +447 -0
  429. package/src/lib/colors.js +52 -0
  430. package/src/lib/command.js +361 -0
  431. package/src/lib/config.js +359 -0
  432. package/src/lib/cost.js +103 -0
  433. package/src/lib/deploy/bundle.js +231 -0
  434. package/src/lib/deploy/compose/acme-verify.js +121 -0
  435. package/src/lib/deploy/compose/build-args.js +78 -0
  436. package/src/lib/deploy/compose/ha.js +1874 -0
  437. package/src/lib/deploy/compose/index.js +1294 -0
  438. package/src/lib/deploy/compose/reconcile.js +74 -0
  439. package/src/lib/deploy/github.js +382 -0
  440. package/src/lib/deploy/image.js +191 -0
  441. package/src/lib/deploy/index.js +119 -0
  442. package/src/lib/deploy/k8s/LICENSE +99 -0
  443. package/src/lib/deploy/k8s/gitops-deploy.js +298 -0
  444. package/src/lib/deploy/k8s/ha/index.js +1000 -0
  445. package/src/lib/deploy/k8s/index.js +62 -0
  446. package/src/lib/deploy/k8s/k3s.js +2515 -0
  447. package/src/lib/deploy/orchestrator.js +1401 -0
  448. package/src/lib/deploy/prompts.js +545 -0
  449. package/src/lib/deploy/remote-build.js +130 -0
  450. package/src/lib/deploy/state.js +120 -0
  451. package/src/lib/deploy/utils.js +328 -0
  452. package/src/lib/deploy-logger.js +93 -0
  453. package/src/lib/dns-propagation.js +48 -0
  454. package/src/lib/environment.js +58 -0
  455. package/src/lib/fetch-retry.js +103 -0
  456. package/src/lib/github-environments.js +335 -0
  457. package/src/lib/hetzner-dns.js +377 -0
  458. package/src/lib/hetzner-guided-setup.js +275 -0
  459. package/src/lib/host-keys.js +37 -0
  460. package/src/lib/iac/cloud-init.js +52 -0
  461. package/src/lib/iac/index.js +325 -0
  462. package/src/lib/iac/programs/hetzner-compose.js +130 -0
  463. package/src/lib/iac/programs/hetzner-k8s.js +320 -0
  464. package/src/lib/kubectl.js +81 -0
  465. package/src/lib/licensing/index.js +259 -0
  466. package/src/lib/licensing/tiers.js +181 -0
  467. package/src/lib/licensing/validator.js +171 -0
  468. package/src/lib/merge-package-json.js +90 -0
  469. package/src/lib/operator-ip.js +381 -0
  470. package/src/lib/package-manager.js +111 -0
  471. package/src/lib/perf.js +71 -0
  472. package/src/lib/project-guard.js +39 -0
  473. package/src/lib/project.js +334 -0
  474. package/src/lib/providers/base.js +276 -0
  475. package/src/lib/providers/hetzner-s3.js +656 -0
  476. package/src/lib/providers/hetzner.js +755 -0
  477. package/src/lib/providers/index.js +164 -0
  478. package/src/lib/s3.js +510 -0
  479. package/src/lib/secret-scan.js +583 -0
  480. package/src/lib/secrets.js +63 -0
  481. package/src/lib/server-types.js +195 -0
  482. package/src/lib/shell.js +91 -0
  483. package/src/lib/ssh.js +241 -0
  484. package/src/lib/tracker.js +242 -0
  485. package/src/lib/upgrade-policy.js +170 -0
  486. package/src/lib/validators.js +105 -0
  487. package/src/lib/version.js +5 -0
  488. package/src/remove.js +292 -0
  489. package/src/reset.js +97 -0
  490. package/src/restore.js +871 -0
  491. package/src/scale.js +1734 -0
  492. package/src/shell.js +222 -0
  493. package/src/status.js +981 -0
  494. package/src/up.js +264 -0
  495. package/src/upgrade.js +721 -0
@@ -0,0 +1,466 @@
1
+ import type {
2
+ AuthMFAChallengeResponse,
3
+ AuthMFAEnrollResponse,
4
+ Factor,
5
+ Session,
6
+ User,
7
+ } from '@supabase/supabase-js';
8
+ import {
9
+ createContext,
10
+ type ReactNode,
11
+ useCallback,
12
+ useContext,
13
+ useEffect,
14
+ useMemo,
15
+ useState,
16
+ } from 'react';
17
+ import { useMfaRequired } from '../../hooks/api';
18
+ import { supabase } from '../../lib/supabase';
19
+
20
+ type MFAChallenge = {
21
+ factorId: string;
22
+ challengeId: string;
23
+ };
24
+
25
+ const IMPERSONATION_KEY = 'impersonation_admin_session';
26
+
27
+ type ImpersonationInfo = {
28
+ userId: string;
29
+ email: string;
30
+ name: string | null;
31
+ };
32
+
33
+ type AuthContextType = {
34
+ user: User | null;
35
+ session: Session | null;
36
+ isLoading: boolean;
37
+ /** Super admin can access the Super Admin panel and administrate the entire system */
38
+ isSuperAdmin: boolean;
39
+ /** Whether MFA is required app-wide (set by admin) */
40
+ mfaRequired: boolean;
41
+ /** Whether current user has MFA enabled */
42
+ hasMfaEnabled: boolean;
43
+ /** Pending MFA challenge (set during login when MFA is required) */
44
+ pendingMfaChallenge: MFAChallenge | null;
45
+ /** Whether currently impersonating another user */
46
+ isImpersonating: boolean;
47
+ /** Info about the user being impersonated */
48
+ impersonationTarget: ImpersonationInfo | null;
49
+ signIn: {
50
+ email: (email: string, password: string) => Promise<{ requiresMfa: boolean }>;
51
+ google: () => Promise<void>;
52
+ microsoft: () => Promise<void>;
53
+ github: () => Promise<void>;
54
+ apple: () => Promise<void>;
55
+ discord: () => Promise<void>;
56
+ magicLink: (email: string) => Promise<void>;
57
+ };
58
+ signUp: (email: string, password: string, name?: string) => Promise<void>;
59
+ signOut: () => Promise<void>;
60
+ /** Clear pending MFA challenge (e.g., when user cancels) */
61
+ clearMfaChallenge: () => void;
62
+ /** Impersonate a user (super admin only) */
63
+ impersonateUser: (userId: string) => Promise<void>;
64
+ /** Stop impersonating and return to admin session */
65
+ stopImpersonating: () => Promise<void>;
66
+ /** MFA operations */
67
+ mfa: {
68
+ /** Enroll a new TOTP factor */
69
+ enroll: (friendlyName?: string) => Promise<AuthMFAEnrollResponse['data']>;
70
+ /** Create a challenge for an enrolled factor */
71
+ challenge: (factorId: string) => Promise<AuthMFAChallengeResponse['data']>;
72
+ /** Verify a challenge with a TOTP code */
73
+ verify: (factorId: string, challengeId: string, code: string) => Promise<void>;
74
+ /** Combined challenge and verify (convenience method) */
75
+ challengeAndVerify: (factorId: string, code: string) => Promise<void>;
76
+ /** Unenroll a factor */
77
+ unenroll: (factorId: string) => Promise<void>;
78
+ /** List enrolled factors */
79
+ listFactors: () => Promise<Factor[]>;
80
+ /** Get current authenticator assurance level */
81
+ getAAL: () => Promise<{ currentLevel: string | null; nextLevel: string | null }>;
82
+ };
83
+ };
84
+
85
+ const AuthContext = createContext<AuthContextType | undefined>(undefined);
86
+
87
+ export function AuthProvider({ children }: { children: ReactNode }) {
88
+ const [user, setUser] = useState<User | null>(null);
89
+ const [session, setSession] = useState<Session | null>(null);
90
+ const [isLoading, setIsLoading] = useState(true);
91
+ const [hasMfaEnabled, setHasMfaEnabled] = useState(false);
92
+ const [pendingMfaChallenge, setPendingMfaChallenge] = useState<MFAChallenge | null>(null);
93
+ const [isImpersonating, setIsImpersonating] = useState(
94
+ () => !!localStorage.getItem(IMPERSONATION_KEY)
95
+ );
96
+ const [impersonationTarget, setImpersonationTarget] = useState<ImpersonationInfo | null>(() => {
97
+ const saved = localStorage.getItem(`${IMPERSONATION_KEY}_target`);
98
+ return saved ? JSON.parse(saved) : null;
99
+ });
100
+
101
+ // Use shared hook for MFA requirement (cached via TanStack Query)
102
+ const { mfaRequired } = useMfaRequired();
103
+
104
+ // Check if user has MFA enabled
105
+ const checkUserMfa = useCallback(async () => {
106
+ try {
107
+ const { data } = await supabase.auth.mfa.listFactors();
108
+ const verifiedFactors = data?.totp?.filter((f) => f.status === 'verified') || [];
109
+ setHasMfaEnabled(verifiedFactors.length > 0);
110
+ } catch {
111
+ setHasMfaEnabled(false);
112
+ }
113
+ }, []);
114
+
115
+ useEffect(() => {
116
+ // Validate session on mount by calling getUser() which checks with the server
117
+ // This handles cases where the database was reset but browser still has cached tokens
118
+ const validateSession = async () => {
119
+ const {
120
+ data: { session },
121
+ } = await supabase.auth.getSession();
122
+
123
+ if (session) {
124
+ // Validate the session with the server
125
+ const {
126
+ data: { user },
127
+ error,
128
+ } = await supabase.auth.getUser();
129
+
130
+ if (error || !user) {
131
+ // Session is invalid (e.g., user deleted, database reset)
132
+ await supabase.auth.signOut();
133
+ setSession(null);
134
+ setUser(null);
135
+ } else {
136
+ setSession(session);
137
+ setUser(user);
138
+ // Check MFA status for this user
139
+ checkUserMfa();
140
+ }
141
+ } else {
142
+ setSession(null);
143
+ setUser(null);
144
+ }
145
+
146
+ setIsLoading(false);
147
+ };
148
+
149
+ validateSession();
150
+
151
+ // Listen for auth changes
152
+ const {
153
+ data: { subscription },
154
+ } = supabase.auth.onAuthStateChange((_event, session) => {
155
+ setSession(session);
156
+ setUser(session?.user ?? null);
157
+ setIsLoading(false);
158
+
159
+ // Update MFA status when user changes
160
+ if (session?.user) {
161
+ checkUserMfa();
162
+ } else {
163
+ setHasMfaEnabled(false);
164
+ }
165
+ });
166
+
167
+ return () => subscription.unsubscribe();
168
+ }, [checkUserMfa]);
169
+
170
+ const signIn = {
171
+ email: async (email: string, password: string): Promise<{ requiresMfa: boolean }> => {
172
+ // Single API call handles lockout check, auth, and lockout recording
173
+ const response = await fetch('/api/v1/auth/login', {
174
+ method: 'POST',
175
+ headers: { 'Content-Type': 'application/json' },
176
+ body: JSON.stringify({ email, password }),
177
+ });
178
+
179
+ const data = await response.json();
180
+
181
+ if (!response.ok) {
182
+ throw new Error(data.error || 'Login failed');
183
+ }
184
+
185
+ // Set the session from server response
186
+ const { error: sessionError } = await supabase.auth.setSession({
187
+ access_token: data.session.access_token,
188
+ refresh_token: data.session.refresh_token,
189
+ });
190
+
191
+ if (sessionError) {
192
+ throw sessionError;
193
+ }
194
+
195
+ // Check if user has MFA factors
196
+ const { data: factors } = await supabase.auth.mfa.listFactors();
197
+ const verifiedFactors = factors?.totp?.filter((f) => f.status === 'verified') || [];
198
+
199
+ if (verifiedFactors.length > 0) {
200
+ // User has MFA - create challenge
201
+ const { data: challenge, error: challengeError } = await supabase.auth.mfa.challenge({
202
+ factorId: verifiedFactors[0].id,
203
+ });
204
+
205
+ if (challengeError) {
206
+ throw challengeError;
207
+ }
208
+
209
+ if (challenge) {
210
+ setPendingMfaChallenge({
211
+ factorId: verifiedFactors[0].id,
212
+ challengeId: challenge.id,
213
+ });
214
+ return { requiresMfa: true };
215
+ }
216
+ }
217
+
218
+ return { requiresMfa: false };
219
+ },
220
+ google: async () => {
221
+ const { error } = await supabase.auth.signInWithOAuth({
222
+ provider: 'google',
223
+ options: {
224
+ redirectTo: `${window.location.origin}/auth/callback`,
225
+ },
226
+ });
227
+ if (error) throw error;
228
+ },
229
+ microsoft: async () => {
230
+ const { error } = await supabase.auth.signInWithOAuth({
231
+ provider: 'azure',
232
+ options: {
233
+ redirectTo: `${window.location.origin}/auth/callback`,
234
+ scopes: 'email',
235
+ },
236
+ });
237
+ if (error) throw error;
238
+ },
239
+ github: async () => {
240
+ const { error } = await supabase.auth.signInWithOAuth({
241
+ provider: 'github',
242
+ options: {
243
+ redirectTo: `${window.location.origin}/auth/callback`,
244
+ },
245
+ });
246
+ if (error) throw error;
247
+ },
248
+ apple: async () => {
249
+ const { error } = await supabase.auth.signInWithOAuth({
250
+ provider: 'apple',
251
+ options: {
252
+ redirectTo: `${window.location.origin}/auth/callback`,
253
+ },
254
+ });
255
+ if (error) throw error;
256
+ },
257
+ discord: async () => {
258
+ const { error } = await supabase.auth.signInWithOAuth({
259
+ provider: 'discord',
260
+ options: {
261
+ redirectTo: `${window.location.origin}/auth/callback`,
262
+ },
263
+ });
264
+ if (error) throw error;
265
+ },
266
+ magicLink: async (email: string) => {
267
+ const { error } = await supabase.auth.signInWithOtp({
268
+ email,
269
+ options: {
270
+ emailRedirectTo: `${window.location.origin}/auth/callback`,
271
+ },
272
+ });
273
+ if (error) throw error;
274
+ },
275
+ };
276
+
277
+ const impersonateUser = async (userId: string) => {
278
+ // Save current admin session
279
+ const {
280
+ data: { session: adminSession },
281
+ } = await supabase.auth.getSession();
282
+ if (!adminSession) throw new Error('No active session');
283
+
284
+ // Request impersonation token from server
285
+ const response = await fetch(`/api/v1/admin/impersonate/${userId}`, {
286
+ method: 'POST',
287
+ headers: {
288
+ 'Content-Type': 'application/json',
289
+ Authorization: `Bearer ${adminSession.access_token}`,
290
+ },
291
+ });
292
+
293
+ const data = await response.json();
294
+ if (!response.ok) {
295
+ throw new Error(data.error || 'Failed to impersonate user');
296
+ }
297
+
298
+ // Store admin session for later restoration
299
+ localStorage.setItem(IMPERSONATION_KEY, JSON.stringify(adminSession));
300
+ const target: ImpersonationInfo = {
301
+ userId: data.user.id,
302
+ email: data.user.email,
303
+ name: data.user.name,
304
+ };
305
+ localStorage.setItem(`${IMPERSONATION_KEY}_target`, JSON.stringify(target));
306
+
307
+ // Verify the magic link token to get a session as the target user
308
+ const { error } = await supabase.auth.verifyOtp({
309
+ token_hash: data.tokenHash,
310
+ type: 'magiclink',
311
+ });
312
+
313
+ if (error) {
314
+ localStorage.removeItem(IMPERSONATION_KEY);
315
+ localStorage.removeItem(`${IMPERSONATION_KEY}_target`);
316
+ throw error;
317
+ }
318
+
319
+ setIsImpersonating(true);
320
+ setImpersonationTarget(target);
321
+ };
322
+
323
+ const stopImpersonating = async () => {
324
+ const saved = localStorage.getItem(IMPERSONATION_KEY);
325
+ localStorage.removeItem(IMPERSONATION_KEY);
326
+ localStorage.removeItem(`${IMPERSONATION_KEY}_target`);
327
+ setIsImpersonating(false);
328
+ setImpersonationTarget(null);
329
+
330
+ if (saved) {
331
+ const adminSession = JSON.parse(saved);
332
+ await supabase.auth.setSession({
333
+ access_token: adminSession.access_token,
334
+ refresh_token: adminSession.refresh_token,
335
+ });
336
+ }
337
+ };
338
+
339
+ const signUp = async (email: string, password: string, name?: string) => {
340
+ const { error } = await supabase.auth.signUp({
341
+ email,
342
+ password,
343
+ options: {
344
+ data: {
345
+ full_name: name,
346
+ },
347
+ },
348
+ });
349
+ if (error) throw error;
350
+ };
351
+
352
+ const signOut = async () => {
353
+ setPendingMfaChallenge(null);
354
+ localStorage.removeItem(IMPERSONATION_KEY);
355
+ localStorage.removeItem(`${IMPERSONATION_KEY}_target`);
356
+ setIsImpersonating(false);
357
+ setImpersonationTarget(null);
358
+ const { error } = await supabase.auth.signOut();
359
+ if (error) throw error;
360
+ };
361
+
362
+ const clearMfaChallenge = () => {
363
+ setPendingMfaChallenge(null);
364
+ };
365
+
366
+ // MFA operations
367
+ const mfa = {
368
+ enroll: async (friendlyName?: string) => {
369
+ const { data, error } = await supabase.auth.mfa.enroll({
370
+ factorType: 'totp',
371
+ friendlyName,
372
+ });
373
+ if (error) throw error;
374
+ return data;
375
+ },
376
+ challenge: async (factorId: string) => {
377
+ const { data, error } = await supabase.auth.mfa.challenge({ factorId });
378
+ if (error) throw error;
379
+ return data;
380
+ },
381
+ verify: async (factorId: string, challengeId: string, code: string) => {
382
+ const { error } = await supabase.auth.mfa.verify({
383
+ factorId,
384
+ challengeId,
385
+ code,
386
+ });
387
+ if (error) throw error;
388
+ setPendingMfaChallenge(null);
389
+ // Refresh MFA status
390
+ checkUserMfa();
391
+ },
392
+ challengeAndVerify: async (factorId: string, code: string) => {
393
+ const { error } = await supabase.auth.mfa.challengeAndVerify({
394
+ factorId,
395
+ code,
396
+ });
397
+ if (error) throw error;
398
+ setPendingMfaChallenge(null);
399
+ checkUserMfa();
400
+ },
401
+ unenroll: async (factorId: string) => {
402
+ const { error } = await supabase.auth.mfa.unenroll({ factorId });
403
+ if (error) throw error;
404
+ checkUserMfa();
405
+ },
406
+ listFactors: async () => {
407
+ const { data, error } = await supabase.auth.mfa.listFactors();
408
+ if (error) throw error;
409
+ return data?.totp || [];
410
+ },
411
+ getAAL: async () => {
412
+ const { data, error } = await supabase.auth.mfa.getAuthenticatorAssuranceLevel();
413
+ if (error) throw error;
414
+ return {
415
+ currentLevel: data?.currentLevel ?? null,
416
+ nextLevel: data?.nextLevel ?? null,
417
+ };
418
+ },
419
+ };
420
+
421
+ // Super admin role is stored in app_metadata (set via Supabase admin API)
422
+ const isSuperAdmin = user?.app_metadata?.role === 'super_admin';
423
+
424
+ // biome-ignore lint/correctness/useExhaustiveDependencies: signIn/signUp/signOut/mfa/impersonateUser/stopImpersonating/clearMfaChallenge are stable references that don't need to trigger re-renders
425
+ const value = useMemo(
426
+ () => ({
427
+ user,
428
+ session,
429
+ isLoading,
430
+ isSuperAdmin,
431
+ mfaRequired,
432
+ hasMfaEnabled,
433
+ pendingMfaChallenge,
434
+ isImpersonating,
435
+ impersonationTarget,
436
+ signIn,
437
+ signUp,
438
+ signOut,
439
+ clearMfaChallenge,
440
+ impersonateUser,
441
+ stopImpersonating,
442
+ mfa,
443
+ }),
444
+ [
445
+ user,
446
+ session,
447
+ isLoading,
448
+ isSuperAdmin,
449
+ mfaRequired,
450
+ hasMfaEnabled,
451
+ pendingMfaChallenge,
452
+ isImpersonating,
453
+ impersonationTarget,
454
+ ]
455
+ );
456
+
457
+ return <AuthContext.Provider value={value}>{children}</AuthContext.Provider>;
458
+ }
459
+
460
+ export function useAuth() {
461
+ const context = useContext(AuthContext);
462
+ if (context === undefined) {
463
+ throw new Error('useAuth must be used within an AuthProvider');
464
+ }
465
+ return context;
466
+ }
@@ -0,0 +1,35 @@
1
+ import { useReducedMotion } from '../../hooks/useReducedMotion';
2
+
3
+ interface FilmGrainOverlayProps {
4
+ opacity?: number;
5
+ animated?: boolean;
6
+ }
7
+
8
+ /**
9
+ * Film grain overlay for anodized metal/industrial feel
10
+ * Uses SVG noise filter for subtle texture
11
+ */
12
+ export function FilmGrainOverlay({ opacity = 0.03, animated = false }: FilmGrainOverlayProps) {
13
+ const prefersReducedMotion = useReducedMotion();
14
+ const shouldAnimate = animated && !prefersReducedMotion;
15
+
16
+ return (
17
+ <div
18
+ className="fixed inset-0 pointer-events-none z-[9999]"
19
+ style={{ mixBlendMode: 'overlay' }}
20
+ aria-hidden="true"
21
+ >
22
+ <svg className="w-full h-full" style={{ opacity }} aria-hidden="true">
23
+ <filter id="film-grain-filter">
24
+ <feTurbulence type="fractalNoise" baseFrequency="0.8" numOctaves="4" stitchTiles="stitch">
25
+ {shouldAnimate && (
26
+ <animate attributeName="seed" from="0" to="100" dur="1s" repeatCount="indefinite" />
27
+ )}
28
+ </feTurbulence>
29
+ <feColorMatrix type="saturate" values="0" />
30
+ </filter>
31
+ <rect width="100%" height="100%" filter="url(#film-grain-filter)" />
32
+ </svg>
33
+ </div>
34
+ );
35
+ }
@@ -0,0 +1,49 @@
1
+ import { cn } from '../../lib/utils';
2
+
3
+ interface FresnelEdgeProps {
4
+ children: React.ReactNode;
5
+ className?: string;
6
+ edgeColor?: string;
7
+ glowStrength?: number;
8
+ }
9
+
10
+ /**
11
+ * Fresnel edge effect - glowing 1px edges on glass objects
12
+ * Creates the "light catching" effect seen on premium glass surfaces
13
+ */
14
+ export function FresnelEdge({
15
+ children,
16
+ className,
17
+ edgeColor = 'rgba(255, 255, 255, 0.15)',
18
+ glowStrength = 0.5,
19
+ }: FresnelEdgeProps) {
20
+ return (
21
+ <div className={cn('relative', className)}>
22
+ {/* Main content */}
23
+ {children}
24
+
25
+ {/* Fresnel edge - top/left lighter (light source from top-left) */}
26
+ <div
27
+ className="absolute inset-0 pointer-events-none rounded-inherit"
28
+ style={{
29
+ boxShadow: `
30
+ inset 1px 1px 0 ${edgeColor},
31
+ inset -1px -1px 0 rgba(0,0,0,0.1),
32
+ 0 0 ${20 * glowStrength}px ${edgeColor}
33
+ `,
34
+ borderRadius: 'inherit',
35
+ }}
36
+ aria-hidden="true"
37
+ />
38
+
39
+ {/* Top edge highlight */}
40
+ <div
41
+ className="absolute top-0 left-[10%] right-[10%] h-[1px] pointer-events-none"
42
+ style={{
43
+ background: `linear-gradient(90deg, transparent, ${edgeColor}, transparent)`,
44
+ }}
45
+ aria-hidden="true"
46
+ />
47
+ </div>
48
+ );
49
+ }
@@ -0,0 +1,46 @@
1
+ import { useEffect, useRef, useState } from 'react';
2
+
3
+ /**
4
+ * Mouse-tracking radial glow overlay for cards.
5
+ *
6
+ * Usage: Place as the first child of a `relative overflow-hidden` container.
7
+ * The glow follows the cursor within the card and fades on mouse leave.
8
+ */
9
+ export function GlowTracker() {
10
+ const ref = useRef<HTMLDivElement>(null);
11
+ const [pos, setPos] = useState({ x: 0, y: 0 });
12
+ const [visible, setVisible] = useState(false);
13
+
14
+ useEffect(() => {
15
+ const parent = ref.current?.parentElement;
16
+ if (!parent) return;
17
+
18
+ const handleMove = (e: MouseEvent) => {
19
+ const rect = parent.getBoundingClientRect();
20
+ setPos({ x: e.clientX - rect.left, y: e.clientY - rect.top });
21
+ };
22
+ const handleEnter = () => setVisible(true);
23
+ const handleLeave = () => setVisible(false);
24
+
25
+ parent.addEventListener('mousemove', handleMove);
26
+ parent.addEventListener('mouseenter', handleEnter);
27
+ parent.addEventListener('mouseleave', handleLeave);
28
+ return () => {
29
+ parent.removeEventListener('mousemove', handleMove);
30
+ parent.removeEventListener('mouseenter', handleEnter);
31
+ parent.removeEventListener('mouseleave', handleLeave);
32
+ };
33
+ }, []);
34
+
35
+ return (
36
+ <div ref={ref} className="absolute inset-0 z-0 pointer-events-none">
37
+ <div
38
+ className="absolute -inset-px rounded-[inherit] transition-opacity duration-300"
39
+ style={{
40
+ opacity: visible ? 1 : 0,
41
+ background: `radial-gradient(600px circle at ${pos.x}px ${pos.y}px, oklch(0.82 0.14 192 / 0.06) 0%, transparent 90%)`,
42
+ }}
43
+ />
44
+ </div>
45
+ );
46
+ }