feat: Phived Pro — authenticated, synced, encrypted tier #103
Open
LukeberryPi wants to merge 3 commits into
Add the glossary terms for the upcoming paid tier (api, free, pro, User, Customer, Subscription, entitlement, LocalOnly, sync, task document, adoption) to CONTEXT.md, and record ADR 0004 capturing the same-origin API, entitlement-vs-auth split, single encrypted task document, and local-first sync trade-offs. Co-authored-by: Cursor <cursoragent@cursor.com>
…t/codex-medium-authentication-sync-encrypt
Add apps/api (Bun + Hono) as the single-origin Railway entrypoint: ports the
site-contract static/security rules into middleware and mounts /api/* for
Better Auth (Google), Polar subscriptions, and an AES-256-GCM encrypted task
document synced via optimistic-concurrency PUT (union history, LWW canvas).
On the client, add AuthProvider + useTaskSync to apps/app: local-first writes
stay instant while Pro mirrors tasks in the background, with a Free/Pro/
LocalOnly mode machine, adoption-on-upgrade, degrade-not-destroy banners, and a
minimal header account slot. Add a /pricing page + upsell band, make analytics
cookieless ("no tracking cookies"), and switch Railway to migrate-then-boot.
Co-authored-by: Cursor <cursoragent@cursor.com>
Summary
Adds Phived Pro, an authenticated, cross-device tier (Google login, Polar subscriptions, tasks encrypted at rest in Postgres) alongside the unchanged free local-only experience. Both tiers stay local-first so Pro feels just as instant.
- `apps/api` (Bun + Hono) — the single-origin Railway entrypoint. Ports the `site-contract` static/security rules into middleware (security headers, `/sw.js` no-cache, `/app` SPA fallback, 405-on-writes scoped to non-`/api`) and mounts `/api/*`.
- `SameSite=Lax` session cookie, built-in rate limiting) + `@polar-sh/better-auth` (hosted checkout + portal + signed webhooks). Generous, idempotent entitlement mirror with post-checkout confirm and lazy self-heal.
- `GET/PUT /api/tasks` behind `requireActiveEntitlement`; AES-256-GCM single master key + `key_version`; version counter (409 on stale `baseVersion`); server merge = union history by id + LWW canvas; ~1MB cap (413). Committed Kysely migrations run migrate-then-boot.
- `apps/app`) — `AuthProvider` + `useTaskSync`: instant local writes stay the source of truth; debounced push + keepalive flush on hide; pull on load/focus/online; 409 reconcile; multi-tab coherence; backups before overwrite. Free/Pro/LocalOnly mode machine with degrade-not-destroy banners, adoption-on-upgrade, and a minimal header account slot.
- `/pricing` page (Free vs Pro, monthly/annual) + index upsell band; analytics made cookieless ("no tracking cookies"); CSP `form-action` extended for Google/Polar redirects.
- `docs/adr/0004-phived-pro-auth-sync.md`.

Test plan
- `bun run check` (format, lint, typecheck, app/api/scripts tests, full site build) — green
- `site-contract` routing/security tests carried forward against the Hono port
- `dist/` (root, `/app` fallback, `/sw.js` cache-control, `/pricing`, CSP)

Made with Cursor
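The "AES-256-GCM single master key + `key_version`" storage named in the summary above, as an added example that is not code from this pull request. The function names, row fields and demo key are assumptions, and binding the owner's id into the GCM associated data is a hardening choice assumed here, not something the PR states.

```javascript
// Added example, not code from the PR. Names, row fields and the AAD layout
// are assumptions; the key is generated on the spot for the demo.
const crypto = require("node:crypto");

// key_version -> 32-byte master key. Keeping retired versions in the ring
// lets rows written before a rotation still decrypt.
const KEYS = new Map([[1, crypto.randomBytes(32)]]);
const CURRENT_KEY_VERSION = 1;

// Authenticated (not encrypted) context: owner and key version. A blob copied
// onto another user's row, or relabelled with another version, fails the tag.
function aad(userId, keyVersion) {
  return Buffer.from(JSON.stringify({ userId, keyVersion }));
}

function sealTaskDocument(userId, doc) {
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce for every write
  const key = KEYS.get(CURRENT_KEY_VERSION);
  const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
  cipher.setAAD(aad(userId, CURRENT_KEY_VERSION));
  const ciphertext = Buffer.concat([
    cipher.update(JSON.stringify(doc), "utf8"),
    cipher.final(),
  ]);
  return { keyVersion: CURRENT_KEY_VERSION, iv, ciphertext, tag: cipher.getAuthTag() };
}

function openTaskDocument(userId, row) {
  const key = KEYS.get(row.keyVersion);
  if (!key) throw new Error(`unknown key_version ${row.keyVersion}`);
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, row.iv, { authTagLength: 16 });
  decipher.setAAD(aad(userId, row.keyVersion));
  decipher.setAuthTag(row.tag);
  // final() throws if the ciphertext, IV, tag or AAD was altered.
  const plain = Buffer.concat([decipher.update(row.ciphertext), decipher.final()]);
  return JSON.parse(plain.toString("utf8"));
}

// True when decryption is refused, false when the row opens cleanly.
function isRejected(userId, row) {
  try {
    openTaskDocument(userId, row);
    return false;
  } catch {
    return true;
  }
}
```

Storing `keyVersion`, `iv`, `ciphertext` and `tag` as separate columns keeps rotation a matter of adding a key to the ring and re-sealing rows on their next write.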