Remove pricing/licensing — make all features free#21
Merged
Conversation
pgconsole is now entirely free with all features unconditionally enabled. Removes the plan/license system end to end. - Delete plan tiers, license verification, Subscription modal, license expiry banner, the Stripe webhook worker, the website pricing page, and the license docs page. - Ungate features: SSO (Google/Keycloak/Okta), audit logging, groups, banner, and branding are always available. - IAM is now opt-in / off by default: with no [[iam]] rules defined, authenticated users get full access; defining the first rule turns enforcement on. Restores the pre-pricing default and eases onboarding. - Scrub all pricing/plan/license references from docs. - Update tests for the new IAM default; drop license/plan test files. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
|
Preview deployment for your docs. Learn more about Mintlify Previews.
💡 Tip: Enable Workflows to automatically generate PRs for you. |
Greptile SummaryThis PR removes all plan-tier and license infrastructure — deleting
Confidence Score: 4/5Safe to merge. The IAM opt-in change is a well-considered and documented behavioral shift, and the remaining 460 tests validate the new default correctly. The change is a large but coherent removal of a pricing layer. The IAM presence-based opt-in design is clearly reasoned and tested. The only nits are a cosmetic indentation artifact in App.tsx and the loss of a direct unit-test assertion for the agent connection cap (which is still exercised indirectly). No logic regressions were found in the auth, IAM, or audit paths. No files require special attention. server/lib/iam.ts carries the most consequential behavioral change and is clean; tests/mcp.test.ts lost a small piece of direct coverage but retains functional coverage of the same path. Important Files Changed
Flowchart%%{init: {'theme': 'neutral'}}%%
flowchart TD
A[Incoming Request] --> B{isAuthEnabled?}
B -- No --> C[Full Access ALL_PERMISSIONS]
B -- Yes --> D{IAM rules defined?\nrules.length === 0?}
D -- No rules --> C
D -- Has rules --> E[Iterate matching IAM rules\nfor connection + principal]
E --> F{Any rule matches?}
F -- Yes --> G[Union matched permissions]
F -- No --> H[Empty set — Access denied / hidden]
G --> I[Return permission set]
C --> I
%%{init: {'theme': 'base', 'themeVariables': {"darkMode": true, "background": "#0d1117", "primaryColor": "#21262d", "primaryTextColor": "#e6edf3", "primaryBorderColor": "#8b949e", "lineColor": "#8b949e", "textColor": "#e6edf3", "edgeLabelBackground": "#161b22", "actorBkg": "#21262d", "actorBorder": "#8b949e", "actorTextColor": "#e6edf3", "actorLineColor": "#8b949e", "signalColor": "#8b949e", "signalTextColor": "#e6edf3", "noteBkgColor": "#373320", "noteBorderColor": "#d4a72c", "noteTextColor": "#f0e6c0", "labelBoxBkgColor": "#21262d", "labelBoxBorderColor": "#8b949e", "labelTextColor": "#e6edf3", "loopTextColor": "#e6edf3", "activationBkgColor": "#30363d", "activationBorderColor": "#8b949e"}}}%%
flowchart TD
A[Incoming Request] --> B{isAuthEnabled?}
B -- No --> C[Full Access ALL_PERMISSIONS]
B -- Yes --> D{IAM rules defined?\nrules.length === 0?}
D -- No rules --> C
D -- Has rules --> E[Iterate matching IAM rules\nfor connection + principal]
E --> F{Any rule matches?}
F -- Yes --> G[Union matched permissions]
F -- No --> H[Empty set — Access denied / hidden]
G --> I[Return permission set]
C --> I
Reviews (1): Last reviewed commit: "feat: remove pricing/licensing, make all..." | Re-trigger Greptile |
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Pull request overview
Removes the pricing/licensing system across the app (server + client), deletes the Stripe→Keygen webhook worker and marketing pricing page, and changes IAM to be opt-in (enforced only once at least one [[iam]] rule exists) while making previously gated features always available.
Changes:
- Removed plan/license enforcement (including server license verification, plan-based feature gating, and related UI/tests).
- Deleted Stripe webhook worker and marketing site pricing page/components/links.
- Updated IAM semantics + tests/docs so “no
[[iam]]rules” ⇒ IAM off (full access for authenticated users).
Reviewed changes
Copilot reviewed 41 out of 42 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| worker/stripe-webhook/wrangler.toml | Removed Cloudflare Worker config for Stripe webhook worker. |
| worker/stripe-webhook/src/index.js | Removed Stripe webhook handler (Stripe verification → Keygen license creation → email). |
| worker/stripe-webhook/package.json | Removed Stripe worker package manifest (stripe + wrangler deps). |
| worker/stripe-webhook/package-lock.json | Removed Stripe worker lockfile. |
| website/src/components/shared/navbar.tsx | Removed “Pricing” link from website navbar. |
| website/src/components/sections/pricing-single-tier-two-column.tsx | Removed pricing section component. |
| website/src/components/sections/pricing-multi-tier.tsx | Removed multi-tier pricing section component. |
| website/src/components/sections/pricing-hero-multi-tier.tsx | Removed pricing hero (tabbed) component. |
| website/src/components/sections/plan-comparison-table.tsx | Removed plan comparison table component. |
| website/src/app/sitemap.ts | Removed /pricing from sitemap output. |
| website/src/app/pricing/page.tsx | Removed /pricing page implementation. |
| tests/plan.test.ts | Removed tests for plan gating logic (plan module removed). |
| tests/mcp.test.ts | Updated MCP/IAM-related tests for IAM opt-in default; removed plan-based assumptions. |
| tests/license.test.ts | Removed license verification tests (license module removed). |
| tests/iam.test.ts | Updated IAM tests for opt-in enforcement when rules exist; removed plan gating mocks. |
| src/lib/plan.ts | Removed plan tier + feature gating helpers. |
| src/lib/auth-client.ts | Removed requiredPlan field from auth provider shape. |
| src/hooks/useSubscriptionModal.ts | Removed subscription modal hook/context. |
| src/hooks/useSetting.ts | Removed plan/license fields from settings response + hook return value. |
| src/components/SubscriptionModal.tsx | Removed subscription management modal UI. |
| src/components/LicenseExpiryBanner.tsx | Removed license expiry banner UI. |
| src/components/Header.tsx | Removed “Subscription” menu item and related imports/hooks. |
| src/components/AuthForm.tsx | Removed SSO “requires plan” disablement + messaging; always enables providers. |
| src/App.tsx | Removed subscription modal provider wrapper and license banner from layout. |
| server/lib/license.ts | Removed server-side license JWT verification. |
| server/lib/iam.ts | Made IAM enforcement presence-based (no rules ⇒ full access); removed plan gate. |
| server/lib/config.ts | Removed license parsing, plan resolution, seat/user-limit enforcement, and related getters. |
| server/lib/audit.ts | Removed plan gate so audit logging always emits when called. |
| server/index.ts | Simplified /api/setting to always return banner/branding; removed plan/license fields. |
| server/auth-routes.ts | Removed plan gating for OAuth routes and provider “requiredPlan” reporting. |
| docs/getting-started/faq.mdx | Updated License FAQ to “source available and free, all features included.” |
| docs/features/white-labeling.mdx | Removed “Enterprise plan required” notice. |
| docs/features/mcp-server.mdx | Removed “license seat” language for agents. |
| docs/features/database-access-control.mdx | Documented IAM opt-in behavior; removed plan requirement notice. |
| docs/features/audit-log.mdx | Removed “Enterprise plan required” notice. |
| docs/docs.json | Removed docs navigation entry for configuration/license page. |
| docs/configuration/license.mdx | Removed license management documentation page. |
| docs/configuration/config.mdx | Removed license field from config reference; updated IAM/owner/agents wording. |
| docs/authentication/overview.mdx | Updated SSO “Best for” wording to remove plan association. |
| docs/authentication/okta.mdx | Removed “Enterprise plan required” notice. |
| docs/authentication/keycloak.mdx | Removed “Enterprise plan required” notice. |
| docs/authentication/google.mdx | Removed “Team/Enterprise plan required” notice. |
Files not reviewed (1)
- worker/stripe-webhook/package-lock.json: Generated file
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Dedent the layout block left over from flattening the removed SubscriptionModalProvider nesting. No behavior change. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Follow-up to the pricing removal, addressing PR review: - Delete .github/workflows/deploy-stripe-worker.yml, which referenced the now-deleted worker/stripe-webhook and would fail on merge. - Remove the commented license key and "Enterprise only" branding notes from pgconsole.example.toml to match the all-features-free model. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Comment on lines
+27
to
+31
| Each token belongs to an `[[agents]]` entry — a non-human principal that is **not** a user (no UI login). There are two kinds: | ||
|
|
||
| - **Pure agent** — a standalone service account (e.g. a CI bot). Authorized by IAM rules whose `members` include `agent:<id>`. Audited as `agent:<id>`. | ||
| If no `[[iam]]` rules are defined, IAM is off and agents have full access to all connections; define at least one rule to enforce least privilege. | ||
|
|
||
| - **Pure agent** — a standalone service account (e.g. a CI bot). When IAM is active, authorized by IAM rules whose `members` include `agent:<id>`. Audited as `agent:<id>`. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
pgconsole is now entirely free with all features unconditionally enabled. This removes the plan/license system end to end across the app, server, MCP, the Stripe webhook worker, the marketing site, tests, config, and docs.
Removed (pricing-only):
src/lib/plan.ts,server/lib/license.ts)worker/stripe-webhook/)/pricingpage + its section components and nav/sitemap linksdocs/configuration/license.mdx)Ungated (now always on): SSO (Google/Keycloak/Okta), audit logging, groups, announcement banner, branding.
Docs: scrubbed all license/plan/tier references; rewrote the FAQ License section to "source available and free, all features included."
IAM is now opt-in (off by default)
Removing the plan gate would have left IAM always enforced whenever
[auth]is on — meaning a deployment with users but no[[iam]]rules would lock everyone out. To keep onboarding friction-free, IAM is now presence-based opt-in:[auth][auth], no[[iam]]rules[auth], ≥1[[iam]]ruleThis restores the pre-pricing default. Note it's a global switch: the first rule turns enforcement on for all connections (unlisted connections become hidden).
Test plan
tsc -bclean ·vite buildclean ·build:servercleaniam.test.ts/mcp.test.tsfor the new IAM default and droppedlicense.test.ts/plan.test.ts🤖 Generated with Claude Code