merge#30
…nchpix-mvp Codex/build foundation for launchpix mvp
…nchpix-mvp Relax project website URL validation
…nchpix-mvp Redesign app UI with sleek shadcn style
…unchpix-mvp Refine landing page structure and CTAs
…unchpix-mvp Add project roadmap plan
…unchpix-mvp Harden dashboard runtime and prevent client-side crash
…unchpix-mvp Clean up LaunchPix dashboard layout
…unchpix-mvp Stabilize LaunchPix generation flow
…n-fix Improve design system and generation fallback
…n-fix [codex] Create professional LaunchPix demo video
…n-fix [codex] Polish responsive dashboard sidebar
…n-fix [codex] Add sidebar account menu
…n-fix [codex] Tighten dashboard header and generation layout
…n-fix [codex] Refine professional dark interface
Add Resend email automations
…n-fix Codex/design system generation fix
…me-refresh Improve frontend conversion layout and theme
Codex/resend email automations
…me-refresh Add LaunchPix logo and richer preview visuals
Add Google NextAuth sign-in flow
…me-refresh Codex/frontend conversion theme refresh
Codex/nextauth google auth flow
✅ Deploy Preview for launchpix ready!
…lling Codex/lemon squeezy credit billing
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 3f4e3ab513
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| if (message.includes("is not configured")) { | ||
| return NextResponse.json({ error: message }, { status: 500 }); |
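Review bot: the branch condition `message.includes("is not configured")` picks the response by matching a substring of the exception text, so rewording the thrown message changes which path runs without any type or test failure to flag it. Have the code that detects the missing setting throw a dedicated error class or attach an error code, and branch on that here.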
Stop exposing internal config errors to checkout clients
The new "is not configured" branch returns the raw exception text to the browser, which can leak internal environment variable names (for example missing LEMON_SQUEEZY_* keys) to any authenticated user triggering checkout. This is a security disclosure regression compared with the previous generic 500 response and should be replaced with a sanitized user-facing message while keeping full details only in server logs.
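The disclosure described in the review comment above, next to a sanitized handler, as an added example that is not code from this pull request. `ConfigError`, both function names and the setting name `LEMON_SQUEEZY_EXAMPLE_KEY` are hypothetical.

```javascript
// Hypothetical typed error thrown where the missing setting is detected.
class ConfigError extends Error {
  constructor(settingName) {
    super(`${settingName} is not configured`);
    this.name = "ConfigError";
  }
}

// "Before": mirrors the reviewed branch, raw exception text goes to the client.
function leakyErrorResponse(err) {
  const message = err instanceof Error ? err.message : "Unknown error";
  if (message.includes("is not configured")) {
    return { status: 500, body: { error: message } };
  }
  return { status: 500, body: { error: "Checkout failed" } };
}

// "After": full detail goes to the server log; the client gets fixed text
// plus a reference id that support can match against the log line.
function checkoutErrorResponse(err, log = console.error) {
  const ref = Math.random().toString(36).slice(2, 10); // correlation id, not a secret
  const kind = err instanceof ConfigError ? "config" : "unexpected";
  const detail = err instanceof Error ? err.message : String(err);
  log(JSON.stringify({ ref, kind, detail }));
  return {
    status: 500,
    body: { error: "Checkout is temporarily unavailable.", ref },
  };
}
```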
…lling LaunchPix billing, auth, and Mistral image generation updates
…eneration-polish Harden billing and generation workflow
💡 Codex Review
Reviewed commit: c6d7180dae
| ) | ||
| returns boolean | ||
| language plpgsql | ||
| security definer |
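Review bot: at `security definer`, the excerpt does not show a `set search_path` clause. A security definer function executes with its owner's privileges, and unqualified names in its body resolve through the caller's search path unless the function pins one, so set `search_path` on the function definition if the lines that follow do not already do it.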
Restrict execution of atomic credit grant RPC
This function runs as security definer and trusts caller-supplied p_user_id/p_credits without any authorization check, so any role that can execute the RPC can mint credits outside the signed webhook flow (including granting credits to arbitrary users). Because this migration does not add an auth guard or revoke execute privileges, credit balances can be modified by direct RPC calls instead of only by trusted backend code.
| last_payment_at: new Date().toISOString() | ||
| }) | ||
| .eq("id", current.id); | ||
| .update({ credits_remaining: current.credits_remaining + 1 }) |
Make refund credit increment atomic
The refund path reads current.credits_remaining and then writes current + 1 as an absolute value, which can drop refunds under concurrency: if two generations for the same user fail at nearly the same time, both requests can read the same balance and both write the same incremented value, so only one credit is actually restored. This should use an atomic increment/CAS pattern (as done in consume) to avoid lost updates.
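The lost update described in the review comment above, replayed deterministically next to a compare-and-swap refund, as an added example that is not code from this pull request. The in-memory row stands in for one user's `credits_remaining` value; every function name is hypothetical.

```javascript
// In-memory stand-in for one user's credits row (constructed for this example).
function makeCreditsRow(initial) {
  let credits = initial;
  return {
    read: () => credits,
    // Unconditional write of an absolute value: the pattern the review flags.
    writeAbsolute: (value) => { credits = value; },
    // Conditional write: applies only if the balance is still what the caller read.
    compareAndSwap: (expected, next) => {
      if (credits !== expected) return false;
      credits = next;
      return true;
    },
  };
}

// Two refunds interleave: both read before either writes.
function racyRefunds(row) {
  const seenByA = row.read();
  const seenByB = row.read();
  row.writeAbsolute(seenByA + 1);
  row.writeAbsolute(seenByB + 1); // writes the same value again; A's refund is lost
  return row.read();
}

// One refund with CAS and bounded retry. `staleRead` lets the caller replay
// a read that happened before another writer changed the balance.
function refundWithCas(row, staleRead, maxAttempts = 5) {
  let seen = staleRead ?? row.read();
  for (let attempt = 1; attempt <= maxAttempts; attempt++) {
    if (row.compareAndSwap(seen, seen + 1)) return attempt;
    seen = row.read(); // balance moved underneath us: re-read and retry
  }
  throw new Error("refund not applied after retries");
}

// Same interleaving as racyRefunds, but each write is conditional.
function casRefunds(row) {
  const seenByA = row.read();
  const seenByB = row.read();
  const attemptsA = refundWithCas(row, seenByA);
  const attemptsB = refundWithCas(row, seenByB); // first try fails, retry succeeds
  return { balance: row.read(), attemptsA, attemptsB };
}
```

A single database-side increment avoids the client-side read altogether; the retry loop is only needed when the new value is computed by the caller.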
Harden generation auth/session error handling
💡 Codex Review
Reviewed commit: adf76d5a57
|
|
||
| try { | ||
| const stream = await client.files.download({ fileId }); | ||
| return assertUsablePng(await streamToBuffer(stream)); |
Validate generated PNG dimensions before saving
When the Mistral image tool returns a valid PNG at a different size than the requested asset.width/asset.height, this path accepts it solely based on byte count/signature and the generation later stores/exports it as if it matched the required app-listing or hero dimensions. Because those exports need exact pixel sizes, decode the PNG dimensions and resize/crop or fall back to the deterministic renderer before returning it.
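One way to do the dimension check the review comment above asks for, reading width and height from the PNG IHDR chunk before the image is accepted. This is an added example, not code from this pull request; the function names, the returned action labels and the sample sizes are assumptions.

```javascript
const PNG_SIGNATURE = Buffer.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a]);

// Read width/height from IHDR, which the PNG format requires to be the first chunk.
// Layout: 8-byte signature, 4-byte chunk length, 4-byte type, then 13 bytes of IHDR data.
function readPngDimensions(buf) {
  if (!Buffer.isBuffer(buf) || buf.length < 24) throw new Error("too short for PNG header");
  if (!buf.subarray(0, 8).equals(PNG_SIGNATURE)) throw new Error("bad PNG signature");
  const chunkLength = buf.readUInt32BE(8);
  const chunkType = buf.toString("latin1", 12, 16);
  if (chunkType !== "IHDR" || chunkLength !== 13) throw new Error("first chunk is not a valid IHDR");
  const width = buf.readUInt32BE(16);
  const height = buf.readUInt32BE(20);
  if (width === 0 || height === 0) throw new Error("zero dimension");
  return { width, height };
}

// Decide what to do with a generated image given the requested asset size.
function checkGeneratedPng(buf, expected) {
  let dims;
  try {
    dims = readPngDimensions(buf);
  } catch (err) {
    return { action: "fallback", reason: err.message };
  }
  if (dims.width === expected.width && dims.height === expected.height) {
    return { action: "accept", ...dims };
  }
  return { action: "resize-or-fallback", ...dims };
}

// Constructed sample input: signature plus IHDR length, type, width and height.
// Pixel data and CRCs are omitted because the check above reads only the header.
function samplePngHeader(width, height) {
  const head = Buffer.alloc(24);
  PNG_SIGNATURE.copy(head, 0);
  head.writeUInt32BE(13, 8);
  head.write("IHDR", 12, "latin1");
  head.writeUInt32BE(width, 16);
  head.writeUInt32BE(height, 20);
  return head;
}
```

The header check only establishes the declared size; it does not verify chunk CRCs or that the pixel data decodes.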
…rol-loop Add generation quality checks before export
Surface quality warnings and warning analytics
Fix generation quality warning handling
No description provided.