All releases
major44 changes

v3.0.0 Beta Ready: Distribution, Paywall, and the Companion Stack

Three distribution surfaces live at once: Mac companion (DMG), Chrome extension (submitted to Web Store), and the /download page with the full integration surface matrix. License-key based paywall replaces Stripe for beta cohort. Hardened the whole stack after the Vercel April 2026 security incident.

New

(22)
  • /download page — a real Next.js route showing all 5 surfaces (Mac, Chrome, Web, iOS/Android, Linux/Windows) + a 13-row integration matrix mapping every category across Desktop/Cloud/Extension/Mobile/Local channels
  • License key system — admin generates keys, beta users activate at /app/activate, tier flips from free to pro/power with no Stripe touchpoint. Migration + 5 API routes + admin UI + user UX + UpgradeModal hook.
  • /app/activate — paste license key, auto-format JETW-XXXX-XXXX-XXXX-XXXX, one-tap activation, friendly error states for revoked/expired/email-mismatch/exhausted
  • Magic-link activation at /activate?key=XXXX — public landing page that auto-activates for logged-in users or offers sign-in-and-activate for anonymous, with sessionStorage roundtrip survival through login redirect
  • /app/admin/licenses — generate N keys at once with plan/expiry/email-lock/notes, email-substring filter, status filter, 7 sort modes, CSV export, stats dashboard, revoke with mass-downgrade, per-session ADMIN_SECRET gate
  • /api/licenses/* — generate, activate (with CORS for chrome-extension + jetwork.ai origins), me, list, revoke. Full lifecycle API with crypto-secure Crockford Base32 key gen (31-char charset strictly 0/1/O/I/L-free, ~10^24 keyspace)
  • Branded license-issuance email via Resend — tick "Email directly to recipient" on admin page and the beta user gets a dark-themed email with key + one-click activation link. Logged to license_email_logs for audit.
  • License key field on /app/settings/billing — beta users can add or replace keys outside the onboarding flow
  • UpgradeModal + PaywallGate "Have a license key?" shortcuts — beta users skip billing and go straight to activation from anywhere a paywall appears
  • Chrome extension popup license activation — beta users paste JETW-XXXX-XXXX-XXXX-XXXX directly in the extension popup (no web trip required), tier syncs over CORS
  • PaywallGate wrapping for /app/network, /app/commonality, /app/degrees, /app/briefings — free users see blurred preview + upgrade-or-activate CTAs
  • Mac companion app — Jetwork.dmg, 123 MB, universal binary (Apple Silicon + Intel). Syncs iMessage, Photos (GPS+EXIF), Apple Notes, local contacts, Apple Calendar, local files. Hosted via GitHub Releases.
  • Chrome extension v0.3.0 — 7 sources (LinkedIn, Facebook, Instagram, X, WhatsApp Web, TikTok, Reddit) + in-popup license activation. Paste JETW-XXXX-XXXX-XXXX-XXXX directly in the extension popup, activate over CORS-enabled /api/licenses/activate, and tier flips instantly. Submitted v0.2.0 to Chrome Web Store (pending review); v0.3.0 ready to re-submit as update.
  • WhatsApp Web chat-list harvester — scrapes the sidebar for name + visible phone numbers, dedupes via phone-based key when URL unavailable
  • TikTok following harvester — scrapes video-author links on the /following feed
  • Reddit friends harvester — reads /prefs/friends on both old and new Reddit layouts
  • Onboarding companion step — new Step 2 between OAuth connect and import that shows Mac DMG + Chrome extension with source chips and install guides
  • Extension activity surface on /app/activity — unified live feed polling every 15s across interactions, calendar events, photos, notes, and contact-added events via activity_feed view
  • Daily intelligence cron at /api/cron/enrich — runs the 8-step pipeline every 03:00 UTC across all active users
  • macOS Contacts + Calendar + File-upload ingestion — desktop app now reads native AddressBook.sqlitedb, parses .ics files, and handles .vcf/.csv/.pdf drops
  • Chrome Web Store listing copy + 3 screenshots + 440x280 promo tile prepared and published at docs/chrome-web-store/
  • Download nav entry restored — now left-most in the top nav (Download | Pricing | Product | Integrations | Extensions | Developers)

Improved

(5)
  • Dashboard auth fix — consolidated five inline supabase.auth.getSession() calls into one Promise.allSettled using authFetch with onAuthStateChange subscription. Fixes empty-state-on-first-load regression for every beta user.
  • Extension dispatcher — full_name now carried over on upsert update. Caught a silent NOT NULL violation that had been breaking re-syncs for all 5 pre-existing sources (LinkedIn/Facebook/Instagram/X/WhatsApp).
  • Extension manifest description trimmed from 140 to 116 chars (Chrome Web Store limit is 132)
  • /download page links Mac button to GitHub Releases latest — clean URL that auto-updates with every new Mac release
  • Chrome extension options page now visible in Web Store listing with all 7 source toggles

Infrastructure

(14)
  • Supabase service_role key rotation — migrated from legacy JWT service_role to new sb_secret_* key. Updated .env.local, Supabase dashboard, and rotation log. Old legacy key still intact until user disables on dashboard.
  • ADMIN_SECRET rotation — 40-char crypto-random, replaces the one Vercel flagged "Need To Rotate" after the April 2026 incident. Updated .env.local + xlsx (still needs Vercel paste in user's morning)
  • Vercel "Enforce Sensitive Environment Variables" toggle enabled team-wide — every new env var is encrypted-at-rest going forward, unreadable even to Vercel employees
  • calendar_events migration made idempotent with DROP POLICY IF EXISTS — safe to re-run without errors
  • licenses + license_activations migration — adds plan_source + license_id columns to profiles, RLS policies, indexes, updated_at trigger
  • license_email_logs migration — audit trail for every Resend delivery attempt, surfaces as "emailed 2h ago" badges on admin roster
  • 23-test unit suite for license helpers (node --test, zero deps) — charset parity, 10K-key uniqueness sweep, normalize/plausibility/fingerprint coverage. Caught a real bug: charset claimed to exclude L but included it. Fixed.
  • scripts/smoke-test-license-flow.mjs — E2E integration probe that generates → activates (via DB write) → revokes and verifies tier flips both directions. Skip-safe when migration not applied.
  • /login ?next= support with same-site allow-list — magic-link activations redirect back to /activate after sign-in without open-redirect risk
  • /api/licenses/activate CORS — OPTIONS handler + allow-list for chrome-extension://*, app.jetwork.ai, jetwork.ai, localhost. All response codes attach CORS headers.
  • electron-forge MakerDMG added — builds proper .dmg installer instead of .zip (drag-to-Applications inside mounted disk image)
  • /public/downloads/jetwork-chrome-extension.zip served from /download page — auto-generated from extension/ directory, 37 KB
  • WhatsApp sync test harness at scripts/test-whatsapp-sync.mjs — synthetic payload test with pbpaste-style clipboard verification, flagged the dispatcher bug above
  • docs/chrome-web-store/whatsapp-field-test.md — 6-scenario test playbook covering login-gate, selector drift, group-chat exclusion, dedup verification

Fixed

(3)
  • Dashboard empty state on first load — previously showed "Connect your network" even for users with 8K contacts
  • Extension re-sync NOT NULL violation on full_name — every 2nd sync silently 500ed
  • Extension manifest description over Chrome's 132-char limit

Stay in the loop

Get notified when we ship new features.