## Summary
- harden the web runtime with JSON body limits, stricter generation input validation, rate limiting, and trusted Origin/Referer checks for cookie-authenticated mutations
- redact password-reset tokens from debug email transport logs and fail closed for unsupported email providers
- scope generation idempotency keys per user with a Prisma migration and regression coverage
## Testing
- docker build -f infra/docker/web.Dockerfile -t nroxy-web-check .
- docker run --rm --entrypoint sh nroxy-web-check -lc "pnpm --filter @nproxy/providers test && pnpm --filter @nproxy/db test && pnpm --filter @nproxy/web test"
Closes #14
Closes #7
Closes #8
Co-authored-by: sirily <sirily@git.shararam.party>
Reviewed-on: #21
Refs #9
## Summary
- add a worker-side renewal invoice sweep that creates one invoice 72 hours before subscription expiry
- expire elapsed pending invoices automatically and email users when an automatic renewal invoice is created
- stop auto-recreating invoices for the same paid cycle once any invoice already exists for that cycle
- document the current renewal-invoice and pending-invoice expiry behavior
## Testing
- built `infra/docker/web.Dockerfile`
- ran `pnpm --filter @nproxy/db test` inside the built container
- verified `@nproxy/db build` and `@nproxy/web build` during the image build
- built `infra/docker/worker.Dockerfile`
Co-authored-by: sirily <sirily@git.shararam.party>
Reviewed-on: #20
Closes #3
## Summary
- enforce `currentPeriodEnd` as a hard access boundary for generation requests
- transition elapsed `active` and `past_due` subscriptions to `expired` during runtime reads
- stop showing active-cycle quota for non-active subscriptions and document the current lifecycle behavior
- add DB tests for post-expiry generation rejection and expired account-view normalization
## Testing
- built `infra/docker/web.Dockerfile`
- ran `pnpm --filter @nproxy/db test` inside the built container
- verified `@nproxy/db build` and `@nproxy/web build` during the image build
Co-authored-by: sirily <sirily@git.shararam.party>
Reviewed-on: #19
Closes #2
## Summary
- make `markInvoicePaid` idempotent for already-paid invoices and reject invalid terminal transitions
- add admin actor metadata and audit-log writes for `mark-paid`, including replayed no-op calls
- add focused DB tests for first activation, replay safety, and invalid transition handling
- document the current payment system, including invoice creation, manual activation, quota reset, and current limitations
## Testing
- built `infra/docker/web.Dockerfile`
- ran `pnpm --filter @nproxy/db test` inside the built container
- verified `@nproxy/db build` and `@nproxy/web build` during the image build
Co-authored-by: sirily <sirily@git.shararam.party>
Reviewed-on: #18
## Summary
- remove MVP wording from repository docs and guidance
- rename the system plan document and update references to it
- align the default subscription plan code/name with product wording
- document hard subscription expiry with no grace period
## Verification
- docker build -f infra/docker/web.Dockerfile .
- docker build -f infra/docker/migrate.Dockerfile .
Co-authored-by: sirily <sirily@git.shararam.party>
Reviewed-on: #15