238 ai agent readiness

[InfinityBowman]

Summary by CodeRabbit

• New Features

  • Added settings page with dedicated sidebar for account management (Billing, Plans, Security, Notifications, Organizations, General).
  • Implemented offline-capable authentication with cross-tab synchronization and session persistence.
  • Added password strength indicator for real-time password validation feedback.
  • Introduced billing checkout, portal access, and trial grant management.

• Bug Fixes

  • Improved password change flow with enhanced validation and error handling.

• Documentation

  • Added comprehensive glossary covering domain terminology, technical concepts, and architecture patterns.
  • Expanded package READMEs with detailed usage guides and architectural overviews.
  • Updated technical debt audit reflecting completed improvements.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[cloudflare-workers-and-pages]

Deploying with    Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status	Name	Latest Commit	Preview URL	Updated (UTC)
✅ Deployment successful! View logs	corates	9ef70a4	Commit Preview URL	Jan 07 2026, 01:25 AM

[coderabbitai]

Caution

Review failed

The pull request is closed.

📝 Walkthrough

Walkthrough

This PR introduces comprehensive documentation updates, adds a new offline-capable authentication store with Better Auth integration, refactors billing infrastructure into modular routes, adds centralized error handling middleware, migrates all workers package imports to path aliases, and introduces new configuration constants for time durations, quotas, and caching.

Changes

Cohort / File(s)	Summary
Documentation & Glossary docs/plans/settings-sidebar-implementation.md, packages/docs/glossary.md, packages/docs/audits/technical-debt-audit-2026-01.md	Adds comprehensive settings sidebar implementation plan, new domain glossary with terminology across entities/architecture/billing, and updates technical debt audit with completed items (apiFetch wrapper, password change, error handling).
Package READMEs packages/shared/README.md, packages/ui/README.md, packages/web/README.md, packages/workers/README.md	Expands READMEs with detailed architecture, usage examples, patterns, tech stack, and development guidance for each package.
VitePress Config & Constants packages/docs/.vitepress/config.js, packages/workers/src/config/constants.js	Adds Glossary nav item to docs; introduces new constants groups (TIME_DURATIONS, GRANT_CONFIG, CACHE_DURATIONS, QUERY_LIMITS, ORG_LIMITS, WEBHOOK_CONFIG) and AVATAR file size limit.
Authentication Store packages/web/src/api/better-auth-store.js	New comprehensive Better Auth store singleton with offline caching, cross-tab sync, 2FA support, session management, and extensive auth API surface.
Auth UI Components packages/web/src/components/auth/StrengthIndicator.jsx, packages/web/src/components/profile/SettingsPage.jsx	Visual updates to strength indicator sizing/borders; SettingsPage now integrates password strength feedback and uses centralized changePassword from auth store.
Error Handling Middleware packages/workers/src/middleware/errorHandler.js, packages/workers/src/index.js	New centralized errorHandler middleware for Hono routes handling domain errors, Zod validation, DB constraints, and HTTP exceptions; wired into main router.
Billing Routes (New Modules) packages/workers/src/routes/billing/checkout.js, packages/workers/src/routes/billing/grants.js, packages/workers/src/routes/billing/portal.js, packages/workers/src/routes/billing/subscription.js, packages/workers/src/routes/billing/validation.js, packages/workers/src/routes/billing/webhooks.js	New modular billing endpoints: checkout and single-project purchases, trial grants management, billing portal sessions, subscription/members read endpoints, plan validation, and Stripe webhook processing with idempotency and grant extension.
Billing Helpers packages/workers/src/routes/billing/helpers/orgContext.js, packages/workers/src/routes/billing/helpers/ownerGate.js	New org context resolution helpers (resolveOrgId, resolveOrgIdWithRole) and owner authorization gate for billing operations.
Billing Route Refactoring packages/workers/src/routes/billing/index.js	Converts monolithic billing router to modular architecture by delegating to sub-routers (subscription, validation, portal, grants, checkout, webhooks).
Workers Path Alias Migration packages/workers/jsconfig.json, packages/workers/vitest.config.js, packages/workers/src/config/validation.js, packages/workers/src/auth/emailTemplates.js, packages/workers/src/auth/routes.js, packages/workers/src/durable-objects/ProjectDoc.js, packages/workers/src/durable-objects/__tests__/*, packages/workers/src/lib/billingResolver.js, packages/workers/src/lib/__tests__/*, packages/workers/src/middleware/__tests__/*, packages/workers/src/middleware/auth.js, packages/workers/src/routes/__tests__/*, packages/workers/src/routes/admin/__tests__/*, packages/workers/src/routes/admin/*.js, packages/workers/src/routes/billing/__tests__/*, packages/workers/src/routes/orgs/__tests__/*, packages/workers/src/routes/orgs/*.js, packages/workers/src/routes/*.js	Adds jsconfig.json with path alias configuration; migrates ~50+ files across test suites, routes, middleware, and utilities from relative paths to @/ alias imports; replaces hard-coded time durations with TIME_DURATIONS constants in members/invitations expiry calculations.
ProjectDoc Warning Header packages/workers/src/durable-objects/ProjectDoc.js	Adds blast-radius warning documentation detailing scope, affected subsystems, and prerequisite checklist.

Sequence Diagrams

sequenceDiagram
    participant Client
    participant AuthStore as Better Auth Store
    participant BetterAuth as Better Auth Service
    participant LocalStorage
    participant IndexedDB
    participant BroadcastChannel

    Client->>AuthStore: useBetterAuth()
    AuthStore->>LocalStorage: Load cached session (7-day TTL)
    alt Cache Valid
        AuthStore->>AuthStore: Use cached session
    else Cache Expired/Invalid
        AuthStore->>BetterAuth: Fetch fresh session
        BetterAuth-->>AuthStore: Session data
        AuthStore->>LocalStorage: Update cache with timestamp
    end
    
    AuthStore->>IndexedDB: Load cached avatar URLs
    
    alt User Goes Offline
        AuthStore->>AuthStore: Set isOnline = false
        AuthStore->>Client: Return cached session/user
    else User Online
        AuthStore->>BetterAuth: Sync auth state
    end
    
    rect rgb(200, 220, 255)
    Note over BroadcastChannel: Cross-Tab Sync
    AuthStore->>BroadcastChannel: Post auth-changed message
    BroadcastChannel-->>AuthStore: Receive from other tabs
    AuthStore->>AuthStore: Refetch session on changes
    end

Loading

sequenceDiagram
    participant Client
    participant CheckoutHandler as POST /checkout
    participant DB
    participant Stripe
    participant BetterAuthPlugin as Better Auth<br/>Stripe Plugin

    Client->>CheckoutHandler: POST with targetTier
    CheckoutHandler->>CheckoutHandler: Validate auth + org ownership
    CheckoutHandler->>DB: Resolve org context + role
    CheckoutHandler->>CheckoutHandler: requireOrgOwner(orgId, role)
    
    alt Validation Failed
        CheckoutHandler-->>Client: Domain FORBIDDEN error
    else Validation Passed
        CheckoutHandler->>BetterAuthPlugin: Call upgradePlan
        BetterAuthPlugin->>Stripe: Create checkout session
        Stripe-->>BetterAuthPlugin: Session data
        BetterAuthPlugin-->>CheckoutHandler: Result with sessionId
        CheckoutHandler-->>Client: JSON { sessionId, url }
    end

Loading

sequenceDiagram
    participant Stripe
    participant WebhookHandler as POST /purchases/webhook
    participant DB
    participant Ledger
    participant GrantsDB

    Stripe->>WebhookHandler: Send event (checkout.session.completed)
    WebhookHandler->>WebhookHandler: Read raw body
    
    rect rgb(200, 220, 255)
    Note over WebhookHandler: Phase 1: Trust-Minimal
    WebhookHandler->>WebhookHandler: Compute payload hash
    WebhookHandler->>Ledger: Check for duplicate
    alt Duplicate Found
        WebhookHandler-->>Stripe: 200 OK (skipped)
    end
    WebhookHandler->>Ledger: Create ledger entry
    end
    
    rect rgb(220, 200, 220)
    Note over WebhookHandler: Phase 2: Verification
    WebhookHandler->>WebhookHandler: Verify Stripe signature
    alt Signature Invalid
        WebhookHandler->>Ledger: Update failed
        WebhookHandler-->>Stripe: 403 Forbidden
    end
    end
    
    WebhookHandler->>DB: Validate metadata (orgId, grantType)
    alt Valid Payment (paid, mode=payment)
        WebhookHandler->>GrantsDB: Check existing grant by session
        alt Grant Exists
            GrantsDB->>GrantsDB: Extend expiresAt by 6 months
            WebhookHandler->>Ledger: Mark processed
        else No Existing Grant
            WebhookHandler->>GrantsDB: Create new grant (6-month expiry)
            WebhookHandler->>Ledger: Record grantId
        end
        WebhookHandler-->>Stripe: 200 OK { grantId }
    else Invalid
        WebhookHandler->>Ledger: Mark as skipped
        WebhookHandler-->>Stripe: 200 OK
    end

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~75 minutes

Possibly related PRs

• add tanstack query #193: Modifies packages/web/src/api/better-auth-store.js to replace projectStore usage with TanStack Query, directly building upon the newly-added Better Auth store introduced in this PR.
• 234 payment edge cases #235: Updates billingResolver and billing route codepaths (checkout, validation, subscription), extending the billing infrastructure refactored in this PR.
• add entitlements and quotas architecture for future stripe integration #131: Modifies billing entitlements and quota helpers architecture that underpins the new billing routes (validatePlanChange, access grant logic) added in this PR.

✨ Finishing touches

• 📝 Generate docstrings

---

📜 Recent review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 9eb373c and 9ef70a4.

📒 Files selected for processing (83)

• docs/plans/settings-sidebar-implementation.md
• packages/docs/.vitepress/config.js
• packages/docs/audits/technical-debt-audit-2026-01.md
• packages/docs/glossary.md
• packages/shared/README.md
• packages/ui/README.md
• packages/web/README.md
• packages/web/src/api/better-auth-store.js
• packages/web/src/components/auth/StrengthIndicator.jsx
• packages/web/src/components/profile/SettingsPage.jsx
• packages/workers/README.md
• packages/workers/jsconfig.json
• packages/workers/src/__tests__/helpers.js
• packages/workers/src/__tests__/seed-schemas.js
• packages/workers/src/auth/emailTemplates.js
• packages/workers/src/auth/routes.js
• packages/workers/src/config/constants.js
• packages/workers/src/config/validation.js
• packages/workers/src/durable-objects/ProjectDoc.js
• packages/workers/src/durable-objects/__tests__/EmailQueue.test.js
• packages/workers/src/durable-objects/__tests__/ProjectDoc.ws-auth.test.js
• packages/workers/src/durable-objects/__tests__/UserSession.test.js
• packages/workers/src/index.js
• packages/workers/src/lib/__tests__/billingResolver.test.js
• packages/workers/src/lib/__tests__/quotaTransaction.test.js
• packages/workers/src/lib/billingResolver.js
• packages/workers/src/middleware/__tests__/auth.test.js
• packages/workers/src/middleware/__tests__/requireAdmin.test.js
• packages/workers/src/middleware/__tests__/requireEntitlement.test.js
• packages/workers/src/middleware/__tests__/requireOrg.test.js
• packages/workers/src/middleware/errorHandler.js
• packages/workers/src/routes/__tests__/account-merge.test.js
• packages/workers/src/routes/__tests__/avatars.test.js
• packages/workers/src/routes/__tests__/contact.test.js
• packages/workers/src/routes/__tests__/database.test.js
• packages/workers/src/routes/__tests__/email.test.js
• packages/workers/src/routes/__tests__/google-drive.test.js
• packages/workers/src/routes/__tests__/members.test.js
• packages/workers/src/routes/__tests__/org-auth.test.js
• packages/workers/src/routes/__tests__/orgs-management.test.js
• packages/workers/src/routes/__tests__/pdfs.test.js
• packages/workers/src/routes/__tests__/project-invitations.test.js
• packages/workers/src/routes/__tests__/projects.test.js
• packages/workers/src/routes/__tests__/users.test.js
• packages/workers/src/routes/account-merge.js
• packages/workers/src/routes/admin/__tests__/admin-billing.test.js
• packages/workers/src/routes/admin/__tests__/admin-orgs.test.js
• packages/workers/src/routes/admin/__tests__/admin-storage.test.js
• packages/workers/src/routes/admin/__tests__/billing-observability.test.js
• packages/workers/src/routes/admin/billing-observability.js
• packages/workers/src/routes/admin/billing.js
• packages/workers/src/routes/admin/database.js
• packages/workers/src/routes/admin/index.js
• packages/workers/src/routes/admin/orgs.js
• packages/workers/src/routes/admin/storage.js
• packages/workers/src/routes/admin/users.js
• packages/workers/src/routes/avatars.js
• packages/workers/src/routes/billing/__tests__/index.test.js
• packages/workers/src/routes/billing/__tests__/purchase-webhook.test.js
• packages/workers/src/routes/billing/checkout.js
• packages/workers/src/routes/billing/grants.js
• packages/workers/src/routes/billing/helpers/orgContext.js
• packages/workers/src/routes/billing/helpers/ownerGate.js
• packages/workers/src/routes/billing/index.js
• packages/workers/src/routes/billing/portal.js
• packages/workers/src/routes/billing/subscription.js
• packages/workers/src/routes/billing/validation.js
• packages/workers/src/routes/billing/webhooks.js
• packages/workers/src/routes/contact.js
• packages/workers/src/routes/database.js
• packages/workers/src/routes/email.js
• packages/workers/src/routes/google-drive.js
• packages/workers/src/routes/invitations.js
• packages/workers/src/routes/members.js
• packages/workers/src/routes/orgs/__tests__/readonly-enforcement.test.js
• packages/workers/src/routes/orgs/index.js
• packages/workers/src/routes/orgs/invitations.js
• packages/workers/src/routes/orgs/members.js
• packages/workers/src/routes/orgs/pdfs.js
• packages/workers/src/routes/orgs/projects.js
• packages/workers/src/routes/projects.js
• packages/workers/src/routes/users.js
• packages/workers/vitest.config.js

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}