merge#30
Conversation
…nchpix-mvp Codex/build foundation for launchpix mvp
…nchpix-mvp Relax project website URL validation
…nchpix-mvp Redesign app UI with sleek shadcn style
…unchpix-mvp Refine landing page structure and CTAs
…unchpix-mvp Add project roadmap plan
…unchpix-mvp Harden dashboard runtime and prevent client-side crash
…unchpix-mvp Clean up LaunchPix dashboard layout
…unchpix-mvp Stabilize LaunchPix generation flow
…n-fix Improve design system and generation fallback
…n-fix [codex] Create professional LaunchPix demo video
…n-fix [codex] Polish responsive dashboard sidebar
…n-fix [codex] Add sidebar account menu
…n-fix [codex] Tighten dashboard header and generation layout
…n-fix [codex] Refine professional dark interface
Add Resend email automations
…n-fix Codex/design system generation fix
…me-refresh Improve frontend conversion layout and theme
Codex/resend email automations
…me-refresh Add LaunchPix logo and richer preview visuals
Add Google NextAuth sign-in flow
…me-refresh Codex/frontend conversion theme refresh
Codex/nextauth google auth flow
❌ Deploy Preview for launchpix failed.
|
…lling Codex/lemon squeezy credit billing
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 3f4e3ab513
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| if (message.includes("is not configured")) { | ||
| return NextResponse.json({ error: message }, { status: 500 }); |
There was a problem hiding this comment.
Stop exposing internal config errors to checkout clients
The new "is not configured" branch returns the raw exception text to the browser, which can leak internal environment variable names (for example missing LEMON_SQUEEZY_* keys) to any authenticated user triggering checkout. This is a security disclosure regression compared with the previous generic 500 response and should be replaced with a sanitized user-facing message while keeping full details only in server logs.
Useful? React with 👍 / 👎.
…lling LaunchPix billing, auth, and Mistral image generation updates
Implement billing verification state
PR 1 of async migration: extract create, billing, planner, renderer, storage, and finalize modules from runner.ts. No behavior change.
…aries refactor(generations): split generation runner boundaries
Day 12 / PR 2 of async migration foundation: - generation status contract and public response mapper - conditional worker claim helper (queued -> analyzing) - GET /api/v1/projects/[projectId]/generations/[generationId] - unit tests for claim, status mapping, and project scoping No async execution, queue, or 202 response changes.
Day 13 / PR 3 of async migration: POST /generate returns 202 Accepted with generationId, queued status, and poll URL. Durable enqueue via generations row + usage_events audit trail. No worker execution yet.
Create async submissions as draft, consume credit, then promote to queued and mark the project queued before enqueue returns 202. Prevents workers from claiming unpaid generations and keeps project list status aligned with accepted jobs.
feat(generations): enqueue generation requests
Keep split generation runner modules and integrate main logging. Fix docs typed-route links and align generate API docs with 202 enqueue.
Addresses Codex P1 on PR #48: async 202 acceptance no longer ships without a runtime processor. v1 POST runs runGenerationForProject (201) by default; LAUNCHPIX_ASYNC_GENERATION enables 202 enqueue with claim-based worker via POST /api/internal/worker/generations/process or inline when configured.
…foundation Feat/generation worker contract foundation
Wire production-safe cron processing for queued generations: worker secret auth, batch worker endpoint, Render cron job, npm worker script, and ops docs. Default sync POST behavior and inline dev mode are unchanged.
feat(generations): add async worker trigger
Replace platform-wide LAUNCHPIX_API_KEY + x-launchpix-user-id with per-customer api_keys authentication on public /api/v1 routes. Credits are reserved once at POST with generationId/apiKeyId ledger events; worker processing remains LAUNCHPIX_WORKER_SECRET only.
fix(api): enforce customer api key billing for generation
Replace mock API key UI with session-authenticated create/list/revoke routes. Plaintext keys are returned once at creation; list exposes metadata only. Dashboard setup banner uses real active key state.
Return 404 for malformed project IDs instead of surfacing Supabase UUID cast errors as 500s, and roll back reserved credits when usage_events ledger inserts fail so billing stays consistent.
No description provided.