Desktop and mobile clients send deviceName and platform in the activate
payload. Without these fields in the schema, they were silently stripped
by Zod. Now accepted as optional fields for contract alignment.
The Python backend users.py route was deleted in the backend cleanup.
Plan updates are already handled by authRepo.updatePlan() inline in
each webhook handler — the syncUserPlan fetch was redundant dead code.
- Added cross-product fallback lookup by stripeCustomerId when metadata lacks productId
- Ensure invoice payments are stored under the resolved subscription productId
- Normalize checkout metadata plan value before persistence/sync
- Keep auth plan sync aligned with resolved product context
- Verified: tsc --noEmit clean, 20 test files / 183 tests passing
- Make auth register provisioning truly best-effort (warn on failure, do not fail signup)
- Process Stripe webhook events for all products (remove non-default skip)
- Derive updated subscription plan from Stripe price IDs on subscription.updated
- Sync derived plan to auth users and backend plan sync endpoint
- Verified: tsc --noEmit clean, 20 test files / 183 tests passing
- Added plan to auth UserDoc model and token payload typing
- Register flow initializes user.plan from product default plan
- Login/Register/Me responses now include user.plan
- Access tokens now include optional plan claim
- Verified: tsc --noEmit clean, 19 test files / 178 tests passing
- LoginSchema and RegisterSchema now require productId field
- Login/Register routes use productId from request body (not env var)
- PRODUCT_ID import removed from auth/routes.ts
- Test fixtures updated with productId: 'lysnrai'
- createAccessToken() and createRefreshToken() now require productId parameter
- Issuer changed from PRODUCT_ID env var to generic 'bytelyst-platform'
- verifyToken() validates against 'bytelyst-platform' issuer
- auth/routes.ts callers updated to pass productId (still from PRODUCT_ID env var for now)
- Refresh endpoint reads productId from user doc
- Best-effort JWT parsing on every request (non-blocking for unauthenticated routes)
- Attaches parsed payload to req.jwtPayload for downstream use by getRequestProductId()
- Invalid/expired tokens silently ignored — auth-required routes handle their own validation
- New lib/request-context.ts with product validation against cache
- Priority: JWT payload > X-Product-Id header > env var fallback
- Rejects unknown or disabled products with 400 Bad Request
- Augments FastifyRequest with jwtPayload type declaration
- getRequestProductConfig() for modules needing product-specific values
- New products container in Cosmos DB (partition key: /id)
- ProductDoc: displayName, licensePrefix, deviceLimits, trialDays, status
- In-memory cache loaded on startup via loadProductCache()
- CRUD routes: GET/POST /products, GET/PUT /products/:id
- Cache refreshed after admin writes (create/update)
- Registered before all other modules in server.ts
- All 4 service Dockerfiles now use repo root as build context
- Multi-stage: pnpm install → build packages+service → pnpm deploy for production
- docker-compose.yml updated with context: . and dockerfile paths
- Added scripts/docker-prep.sh convenience wrapper
- Docker build blocked by corporate proxy SSL (not a code issue)
- Add proper workspace dependency resolution
- Build packages before service
- Use pnpm deploy for production
- Add docker-prep.sh script for helper commands
Rewired all 4 services:
- lib/errors.ts → re-exports from @bytelyst/errors
- lib/cosmos.ts → re-exports from @bytelyst/cosmos
- lib/product-config.ts → uses loadProductIdentity()/getProductId() from @bytelyst/config
- lib/config.ts → kept self-contained (zod v3/v4 type mismatch with loadConfig)
Added workspace deps (@bytelyst/errors, @bytelyst/cosmos, @bytelyst/config) to all 4 services.
Added docker-compose.yml with Loki, Grafana, Traefik, and all 4 services.
Added .env.example with required env vars.
Added passWithNoTests to vitest.config.ts.
Pinned root zod to ^3.24.0 to match service zod versions.
All 12 projects build. 175 tests passing.
