Monetization MVP + free Supabase accounts (synced plan/trial/devices)#5
Merged
Conversation
…edback No-backend client-side MVP: - 500-word free trial (localStorage), paywall when exhausted - Launch-priced plans page with pricing psychology (anchored strike-through prices, "Most popular" decoy, annual savings, lifetime anchor): Starter P499 / Pro P799 / Unlimited P1,499 /mo, Pro Annual P7,990, Lifetime P9,999 - Signed coupon system (%-off / P-off / 100%-free), per-plan or all - Password-gated owner coupon generator (footer "Owner tools"); password stored only as SHA-256 hash (public repo safe) - Checkout instructions: PayMongo (GCash/cards -> BPI) + PayPal QR (international), manual activation in MVP - Embedded feedback form (Formspree endpoint or email fallback) - config.js holds owner TODO placeholders; sw.js cache bumped to v2 Client-side enforcement is tamper-resistant, not tamper-proof; real payment/enforcement is the planned backend phase. No Python changes; 41 tests still pass. https://claude.ai/code/session_015REKyF6JmJchTnZWoLth7Y
- Starter /mo: 10,000 words (was 25k) - Pro /mo: 60,000 words; Unlimited /mo raised to ₱5,000 - Add Pro Semi-Annual (₱3,990 / 6 mo); Pro Annual repriced to ₱6,990 - Per-plan device limits (Starter 1 … Unlimited 5) shown on cards, checkout and unlocked banner; soft per-device id, real binding deferred to the backend phase - Lifetime removed from the page; now code-only via Owner tools (plan LIFE), unlocks on the redeeming device (devices: 3) - "Best for…" value line per plan; README pricing table refreshed https://claude.ai/code/session_015REKyF6JmJchTnZWoLth7Y
Applies to Pro monthly and the Pro Semi-Annual / Annual variants (same Pro entitlement); perk updated to "3x the words". https://claude.ai/code/session_015REKyF6JmJchTnZWoLth7Y
- Email + password auth via Supabase; account modal (footer "Account") - Per-user profile syncs plan, trial words, unlock and devices across devices; signed-in state is the source of truth, localStorage MVP is the offline/no-keys fallback - supabase/schema.sql: profiles table + RLS (read-own-row only) and SECURITY DEFINER RPCs (consume_words, redeem_coupon with server-side HMAC, register_device with cap, forget_other_devices) so trial count, unlock and device list are tamper-resistant - Coupon redemption routes server-side when signed in - Real per-plan device-cap enforcement with "use this device" reset - App still runs as localStorage MVP until SUPABASE_URL/ANON_KEY set - sw cache -> v3; README documents the free Supabase setup https://claude.ai/code/session_015REKyF6JmJchTnZWoLth7Y
- grant select on profiles to authenticated and usage on schema public, so the Data API works regardless of the "Automatically expose new tables" project setting (RLS still limits reads to the own row) - enable RLS on private_config with no policies (deny-all via API; SECURITY DEFINER functions still read the coupon secret) https://claude.ai/code/session_015REKyF6JmJchTnZWoLth7Y
Drops the on_auth_user_created trigger and handle_new_user (which referenced new.id) in favour of a SECURITY DEFINER ensure_profile() that creates+returns the caller's row using auth.uid()/auth.jwt(). The client now calls ensure_profile on session init. Removes the new.id token that some SQL editors/assistants kept corrupting, and simplifies setup (no trigger on the auth schema). https://claude.ai/code/session_015REKyF6JmJchTnZWoLth7Y
Accounts, synced plan/trial/devices, and server-side coupon redemption are now live (publishable key is safe to ship; data is protected by RLS + SECURITY DEFINER functions). https://claude.ai/code/session_015REKyF6JmJchTnZWoLth7Y
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds a complete monetization layer plus a free, server-enforced account
system to the client-side humanizer.
Monetization MVP
Pro lowered to 30,000 words/month
Free accounts (Supabase)
browsers/phones
SECURITY DEFINERPostgres functions(
ensure_profile,consume_words,register_device,forget_other_devices,redeem_coupon) — clients can only read theirown row, so trial count / unlock / device list are tamper-resistant
is safe to ship; data protected by RLS + the server functions)
supabase/schema.sqlprovided; README documents setupTest plan
server-side
profiles.trial_wordspython -m unittest)https://claude.ai/code/session_015REKyF6JmJchTnZWoLth7Y
Generated by Claude Code