builtbykev/vyndr
1
0
Fork 0
Code Issues Pull Requests Actions 7 Packages Projects Releases Wiki Activity

Session 7h: Stripe products, tier config, scan limits, response gating, free tier

Browse Source
This commit is contained in:
Kev
2026-06-10 13:24:11 -04:00
parent 4e18eb1efe
commit d4e5e76452
16 changed files with 750 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files
BUILD-STATE.md
+35 -2
View File
@@ -1,10 +1,43 @@
# VYNDR — Build State
## Last Updated
2026-05-18
2026-06-10
## Current Phase
SHIP BUILD v6.0 — Web Tier Complete (Dashboard + Game Pages + Intelligence Feed + PWA + NexaPay)
SHIP BUILD v7.0 — Stripe Payment Infrastructure + Free-Tier Gating (Session 7h)
## Session 7h (2026-06-10) — SHIPPED
### Stripe (test mode)
Resources created against `sk_test_*` via direct REST API (Stripe MCP plugin OAuth flow was non-functional in this environment; bypassed by hitting `https://api.stripe.com/v1` with the secret key in a single shell subprocess, then shredding the on-disk key file).
- `prod_UgBel9RYTROCxr` — VYNDR (`metadata.tier=analyst`)
- `price_1TgpGxIp1Mec3r2E6Wh6oeaP` — $14.99/mo recurring (`metadata.tier=analyst`)
- `prod_UgBeSBYw2j9oXL` — VYNDR Desk (`metadata.tier=desk`)
- `price_1TgpGyIp1Mec3r2EQq50KKhF` — $44.99/mo recurring (`metadata.tier=desk`)
- `we_1TgpGzIp1Mec3r2ERtDIF2n2` — webhook → `https://api.vyndr.app/api/stripe/webhook`
- Subscribed events: `checkout.session.completed`, `customer.subscription.updated`, `customer.subscription.deleted`, `invoice.payment_failed`
- Signing secret saved to `~/.stripe-webhook-secret` (chmod 600) — read once, paste into Coolify, then `shred -u`.
### Tier infrastructure
- `src/config/tiers.js` — frozen access matrix (`free` / `analyst` / `desk`); `api_access:false` on every tier (non-negotiable consumer-product invariant)
- `src/middleware/scanLimit.js` — 24h rolling per-user/IP quota (free=3, analyst=15, desk=∞); 429 + `Retry-After` + `X-Scans-Used/Limit` headers on overflow; in-memory LRU with `MAX_TRACKED=50_000`
- `src/utils/tierGating.js` — pure response gating; free tier keeps grade/confidence/edge_pct, redacts `reasoning` + `kill_conditions_triggered`; paid tiers pass through
- Wired into `src/routes/scan.js` (`/parlay` after `requireAuth`) and `src/routes/analyze.js` (`/prop` + `/batch`, gating applied per-result)
### SQL (run manually in Supabase SQL Editor)
- `docs/sql/pricing_slots.sql` — creates `pricing_slots` table + RLS + price IDs seeded. Not added to the migrations chain per session policy.
### Tests
- `tests/unit/tiers.test.js` (10 tests) — frozen matrix, `api_access=false` invariant, fallback behavior
- `tests/unit/tierGating.test.js` (9 tests) — free-tier redaction, paid passthrough, no input mutation
- `tests/unit/scanLimit.test.js` (10 tests) — per-tier limits, anonymous IP fallback, independent quotas, desk skip
- Existing suites adapted for the new middleware: `tests/unit/analyzeCache.test.js`, `tests/integration/analyze.test.js`, `tests/integration/scan.test.js` reset the scan-limit map in `beforeEach`; the integration suite for `/api/analyze` mocks `applyTierGating` as pass-through so engine-shape assertions stay focused on the engine contract (gating has its own suite).
### Quality gates (all green)
- `npm test`: **1039 / 1039 passing**, 82 suites, 0 failures
- `web/npm run build`: production build clean, all 24 routes prerendered
- License audit: only permissive third-party licenses (MIT/Apache-2.0/BSD/ISC/etc.); single UNLICENSED entry is our own `vyndr-web` workspace
## Web Tier v6 (2026-05-18) — SHIPPED
Complete frontend overhaul. 18 pages, 22 API routes. `npm run build` passes with zero errors.