Updates

Replaced the stub in lib/server/billing/enforceLimits.ts with a real org_usage_daily query plus org_billing.ai_bonus_credits lookup; the gateway now throws AI_DAILY_LIMIT_EXCEEDED with current, limit, planLimit, bonusCredits, and resetAt fields, surfaced as HTTP 429 in the loop-assistant and conversations send routes. Added getAllowedModels and resolveModel helpers in lib/ai/aiRouter.ts that downgrade requested models to the plan's default and log the downgrade. Added the org_billing.ai_bonus_credits column (migration 20260504120000), three Stripe one-time prices for credit packs, the new POST /api/billing/buy-ai-credits route, a credit_pack branch in the Stripe webhook with audit-log idempotency, and bonus-credit deduction in trackOrgUsage that fires only when the daily cap is exceeded. UI: components/billing/BuyAICreditsDialog.tsx pack picker, BillingSettings now reads ai_requests_daily and ai_bonus_credits from /api/billing/usage and renders the meter + Buy More CTA, AIUsageSettings adds a top-of-page 'Your Plan's Daily AI Limit' card with the same dialog and renames the existing combined card to 'Provider Rate Limits' to disambiguate.

• Migration 20260504120000_org_billing_ai_bonus_credits.sql adds ai_bonus_credits INTEGER NOT NULL DEFAULT 0 to org_billing.
• checkAIRequestLimit returns AIRequestLimitResult with planLimit, bonusCredits, resetAt (next UTC midnight), and code AI_DAILY_LIMIT_EXCEEDED.
• aiGateway calls checkAIRequestLimit before routing for platform_paid mode and throws a typed error rather than going through enforceOrgLimits('ai_request') for the daily cap.
• loop-assistant and conversations/[id]/send routes return HTTP 429 with { code, current, limit, planLimit, bonusCredits, resetAt, upgradeUrl } on AI_DAILY_LIMIT_EXCEEDED.
• aiRouter.runModel accepts an optional planTier (defaults to 'free') and runs the requested model through resolveModel before dispatch.
• New STRIPE_PRICE_AI_CREDITS_500/2000/10000 env var contract; live-mode prices created via Stripe MCP.
• POST /api/billing/buy-ai-credits validates org membership, creates a mode='payment' Checkout Session with metadata.credit_pack='true' and returns { url }.
• Stripe webhook handleCheckoutCompleted now branches on metadata.credit_pack and increments org_billing.ai_bonus_credits via applyCreditPackToOrg, with an audit_events guard against retried webhook deliveries.
• trackOrgUsage('ai_request') now decrements ai_bonus_credits by the count of requests that overflow max_ai_requests_per_day.
• /api/billing/usage now selects and returns billing.ai_bonus_credits.
• BillingSettings replaces 'AI Requests (This Month)' with 'AI Requests Today' against the daily cap, adds the bonus-credits chip + Buy More button, mounts BuyAICreditsDialog, and shows a one-time 'Credits added' banner on ?credits=purchased.
• AIUsageSettings adds 'Your Plan's Daily AI Limit' as the first card and renames the existing combined card to 'Provider Rate Limits' for clarity.
• lib/constants/pricingPlans.ts exports AI_CREDIT_PACKS keyed by '500' | '2000' | '10000' with priceEnvVar bindings.

AccountSettings now fetches /api/billing/usage and routes the Upgrade button into the Plans tab. PricingCards self-fetches /api/billing/pricing-plan and renders dynamic CTAs (with a Cancel-to-Free flow that hits /api/billing/downgrade). The trial-token gift API accepts recipientUserId and resolves the recipient's email server-side from user_profiles. /pricing was removed from the public middleware allowlist and the /(main)/pricing route was deleted; start-checkout error and cancel URLs now point at /garage/settings?tab=pricing. EffectivePlanTier was widened to include garage|shop|floor (with legacy aliases retained), and the AI registry's PlanTier type was widened to match. The IntegrationsSettings Ragie partition Select uses a __none__ sentinel instead of an illegal empty-string SelectItem value.

• Removed the public /pricing route and /^\/pricing(.*)/ middleware allowlist entry; routes.public.pricing deleted.
• Renamed the Pricing settings tab label to Plans in en, de, es, ko, tr, zh-CN locales (URL ?tab=pricing still works).
• AccountSettings reads org_billing via /api/billing/usage and surfaces planTier + trial state to SettingsAccount.
• AccountInfo.type widened to free|garage|shop|floor|enterprise|internal (+ legacy aliases) with matching plan badges.
• BillingSettings adds Gift to a friend CTA next to Start Free Trial plus a TokenClaimCountdown driven by /api/trial-tokens.
• TrialTokensSettings adds a username field, /api/users/search lookup, and an AlertDialog confirmation showing avatar, @handle, and display name.
• /api/trial-tokens/gift accepts { recipientUserId } and resolves email server-side (with a self-gift guard).
• PricingCards renders Current/Upgrade/Downgrade/Cancel CTAs based on /api/billing/pricing-plan; logged-out callers keep the marketing CTA.
• RedeemTrialTokenClient's expired-token CTA links to /sign-up instead of the removed /pricing page.
• Removed the Beta pill in SettingsAccount, the (Beta) label in AIAssistant, and the Private Beta line in the auth header.

Adds the WorkOS-backed trial token schema, service helpers, API routes, Settings UI, public redemption page, Stripe trial activation path, middleware exceptions for redeem links, scheduled token notifications, and dormant World ID database/API scaffolding. Stripe subscription webhooks now mint the correct token state for trial vs direct-pay onboarding.

• New migration: 20260502120000_trial_tokens_and_world_id.sql.
• New trial token APIs: /api/trial-tokens, /api/trial-tokens/gift, /api/trial-tokens/preview/[token], and /api/trial-tokens/redeem.
• Compatibility endpoints preserve the spec paths: /api/tokens/gift and /api/tokens/redeem/[link].
• New public route: /redeem/[token], with middleware allowing preview before authentication.
• New Vercel cron: /api/cron/trial-token-notifications.
• World ID routes are present behind NEXT_PUBLIC_WORLD_ID_ENABLED and require the World ID env vars before use.

GettingStartedWidget no longer switches to a low-z fixed mobile drawer trigger. SettingsPage no longer relies on Radix NavigationMenu dropdowns for the settings section picker. The onboarding gate helper now exposes a checklist object, the debug status endpoint reports the same gate used by protected layouts, and a development-only onboarding audit endpoint surfaces username-to-handle migration gaps. Supabase profile opaiustest was updated to use handle=opaiustest and onboarding_completed=true.

• Garage checklist renders as a responsive inline card across breakpoints.
• Settings category navigation uses persistent buttons plus section links, with search results kept in the same stable list surface.
• Auth gate completion is active account + onboarding_completed + valid handle.
• Debug onboarding status no longer treats onboarding_completed alone as complete.
• Added /api/debug/onboarding-audit for development-only counts and legacy candidate inspection.

Adds a normalized chassis-code catalog and resolver, persists resolved/manual identity into garage_vehicles.metadata.vehicle_identity, mirrors important values into spec_sheet, and displays the identity in add/edit vehicle and spec views. OAuth callback, sign-up, and home routing now enforce the onboarding gate before sending users into Garage or Workspace. Garage record edits now apply the PATCH response into client state immediately and reload the garage list with no-store semantics. ReleaseShareButton now renders the relative release path through hydration, then upgrades to window.location.origin after mount so the server and initial client markup match.

• New normalized data source: apps/frontend/lib/data/vehicle_chassis_codes.json.
• New resolver: apps/frontend/lib/vehicle-chassis-codes.ts resolves chassis/subcode identity from YMM, explicit technical codes, and user overrides.
• Garage add/edit forms include slots for technical code, chassis/platform, subcode, engine code, engine details, and technical notes.
• POST/PATCH garage vehicle APIs save identity metadata and spec-sheet cells without requiring a new database migration.
• Display specs include technical code, chassis, platform, engine code, engine details, configuration, and notes when present.
• Static catalog restores GL 450 (164.871) and GL 450 (166.872), with 166.872 covering 2013-2014.
• OAuth sign-up callback, sign-up route, and home smart landing route users to /onboarding when their profile gate is incomplete.
• Insurance and DMV registration saves update the selected garage vehicle from the PATCH response before the follow-up reload; /api/garage/vehicles responses now send no-store cache headers.
• Updates share links avoid SSR/client URL mismatches by initializing from the route path and computing the absolute URL after mount.

Removed the dead PRICE_IDS const and per-plan stripePriceId* fields from PricingCards — the CTA already routes through /api/billing/start-checkout?plan=…&billing=… and the server resolves the actual price from STRIPE_PRICE_{GARAGE,SHOP,FLOOR}_{MONTHLY,ANNUAL} via lib/stripe/plans.ts. Refreshed STRIPE_SETUP.md and app/api/billing/README.md to document the current tiers, the new GET /api/billing/start-checkout entry point, and the legacy back-compat env vars. Updated the env-var-not-set error messages in BillingSettings and /api/billing/checkout to name the current vars. The two stale Garage prices in Stripe ($9/mo and $86/yr) were archived via the API earlier this session — no live subscriptions were on either.

New GET /api/billing/start-checkout endpoint creates a Stripe Checkout Session and 303-redirects to its hosted URL. Bounces logged-out users through /sign-up?next=<self> so the second pass completes checkout. Auto-creates a personal org via createPersonalOrgForUser when the buyer has none. PricingCards swapped from <Link href=/signup?...> (which lost query params via /signup → /sign-up → home) to <a href=/api/billing/start-checkout?plan=...&billing=...>. PricingPageContent surfaces ?checkout_error=<code> as a toast.

Static catalog only: apps/frontend/lib/data/vehicle_makes.json, vehicle_makes_models.json, and vehicle_year_ranges.json. No new Supabase migration; NHTSA-backed vehicle_makes/vehicle_models in Postgres remain filled via vPIC seeding, not these JSON files.

• Picker and loop draft flows that import vehicle_makes_models.json pick up the new rows at build time.

AgeSafetyPrompt now records a localStorage 'done' flag once the server confirms disclosure, short-circuiting the GET on subsequent loads. PATCH derives requiresDisclosure from the post-update row and returns 500 if a silent persist failure leaves the columns null. GET/PATCH responses now carry explicit no-store headers and the client cache-busts its fetch — Safari mobile aggressively caches even with cache: 'no-store' otherwise.

SettingsPage submenu items render as NavigationMenuLink + next/link so taps don't race Radix's auto-close on touch. Age-safety GET no longer enqueues a notification; a new POST is invoked from the prompt's "Remind me later" path.

Bundles the Apr 21–May 1 train: direct Storage uploads and job media gallery; maintenance intervals, service/fuel logs, shop stubs, Opie maintenance scanner + cron, Loop Directory; broad frontend integration (garage, dream car, social discover/follows/entity events); Discover always-on shell; plus platform work through this commit (mission-control Opie votes, Anthropic routing, age-safety API and profile disclosure, NHTSA/car-care helpers, migration hygiene).

• Preflight enforces unique migration prefixes; duplicate 20260501120000 resolved (garage spec sheet -> 20260501120100).
• Remote-history placeholder/sync-only migration files removed from repo in favor of real migrations + linked DB alignment—verify with `pnpm exec supabase migration list --linked` before deploy.
• Release entry validation: `pnpm run release:check` (see docs/RELEASES.md).

Initial structured release record for the public updates page.

• Uses apps/frontend/package.json as the canonical visible version.
• Adds a release record shape for public copy, highlights, and builder details.
• Provides a baseline entry that CI and preflight can validate against.