feat(core): enable new add-on SKU real-time usage report (#7698)

* feat(core): enable third-party app usage report

enable third-party app usage report

* feat(core): enable SAML app usage report

enable SAML app usage report

* feat(core): support roles usage report

support roles usage report

* fix(core): fix unit test

fix unit test

Author: simeng-li

packages/connectors/connector-logto-email/package.json

@@ -52,7 +52,7 @@
     "access": "public"
   },
   "devDependencies": {
-    "@logto/cloud": "0.2.5-103b436",
+    "@logto/cloud": "0.2.5-8a3dff0",
     "@silverhand/eslint-config": "6.0.1",
     "@silverhand/ts-config": "6.0.0",
     "@types/node": "^22.14.0",

packages/console/package.json

@@ -28,7 +28,7 @@
     "@fontsource/roboto-mono": "^5.0.0",
     "@inkeep/cxkit-react": "^0.5.66",
     "@jest/types": "^29.5.0",
-    "@logto/cloud": "0.2.5-103b436",
+    "@logto/cloud": "0.2.5-8a3dff0",
     "@logto/connector-kit": "workspace:^",
     "@logto/core-kit": "workspace:^",
     "@logto/language-kit": "workspace:^",
@@ -52,13 +52,13 @@
     "@types/debug": "^4.1.7",
     "@types/jest": "^29.4.0",
     "@types/mdx": "^2.0.13",
+    "@types/psl": "^1.1.3",
     "@types/react": "^18.3.3",
     "@types/react-color": "^3.0.6",
     "@types/react-dom": "^18.3.0",
     "@types/react-helmet": "^6.1.6",
     "@types/react-modal": "^3.13.1",
     "@types/react-syntax-highlighter": "^15.5.1",
-    "@types/psl": "^1.1.3",
     "@vitejs/plugin-react": "^4.3.1",
     "@withtyped/client": "^0.8.8",
     "classnames": "^2.3.1",

packages/console/src/consts/subscriptions.ts

@@ -1,5 +1,7 @@
 import { ReservedPlanId } from '@logto/schemas';
 
+import { isDevFeaturesEnabled } from './env';
+
 /**
  * Shared quota limits between the featured plan content in the `CreateTenantModal` and the `PlanComparisonTable`.
  */
@@ -24,15 +26,6 @@ export const hooksAddOnUnitPrice = 2;
 export const securityFeaturesAddOnUnitPrice = 48;
 /* === Add-on unit price (in USD) === */
 
-/**
- * In console, only featured plans are shown in the plan selection component.
- * we will this to filter out the public visible featured plans.
- */
-export const featuredPlanIds: readonly string[] = Object.freeze([
-  ReservedPlanId.Free,
-  ReservedPlanId.Pro202411,
-]);
-
 /**
  * The order of plans in the plan selection content component.
  * Unlike the `featuredPlanIds`, include both grandfathered plans and public visible featured plans.
@@ -48,4 +41,15 @@ export const planIdOrder: Record<string, number> = Object.freeze({
 export const checkoutStateQueryKey = 'checkout-state';
 
 /** The latest pro plan id we are using. */
-export const latestProPlanId = ReservedPlanId.Pro202411;
+export const latestProPlanId = isDevFeaturesEnabled
+  ? ReservedPlanId.Pro202509
+  : ReservedPlanId.Pro202411;
+
+/**
+ * In console, only featured plans are shown in the plan selection component.
+ * we will this to filter out the public visible featured plans.
+ */
+export const featuredPlanIds: readonly string[] = Object.freeze([
+  ReservedPlanId.Free,
+  latestProPlanId,
+]);

packages/core/package.json

@@ -100,7 +100,7 @@
     "zod": "3.24.3"
   },
   "devDependencies": {
-    "@logto/cloud": "0.2.5-103b436",
+    "@logto/cloud": "0.2.5-8a3dff0",
     "@silverhand/eslint-config": "6.0.1",
     "@silverhand/ts-config": "6.0.0",
     "@types/adm-zip": "^0.5.5",

packages/core/src/routes/applications/application.ts

@@ -20,6 +20,7 @@ import { buildOidcClientMetadata } from '#src/oidc/utils.js';
 import assertThat from '#src/utils/assert-that.js';
 import { parseSearchParamsForSearch } from '#src/utils/search.js';
 
+import { EnvSet } from '../../env-set/index.js';
 import type { ManagementApiRouter, RouterInitArgs } from '../types.js';
 
 import applicationCustomDataRoutes from './application-custom-data.js';
@@ -161,7 +162,7 @@ export default function applicationRoutes<T extends ManagementApiRouter>(
     koaGuard({
       body: applicationCreateGuard,
       response: Applications.guard,
-      status: [200, 400, 422, 500],
+      status: [200, 400, 422, 403, 500],
     }),
     // eslint-disable-next-line complexity
     async (ctx, next) => {
@@ -226,6 +227,11 @@ export default function applicationRoutes<T extends ManagementApiRouter>(
         void quota.reportSubscriptionUpdatesUsage('machineToMachineLimit');
       }
 
+      // TODO: remove this dev feature guard when new pro plan and add-on skus are ready.
+      if (EnvSet.values.isDevFeaturesEnabled && rest.isThirdParty) {
+        void quota.reportSubscriptionUpdatesUsage('thirdPartyApplicationsLimit');
+      }
+
       return next();
     }
   );
@@ -361,7 +367,8 @@ export default function applicationRoutes<T extends ManagementApiRouter>(
     }),
     async (ctx, next) => {
       const { id } = ctx.guard.params;
-      const { type, protectedAppMetadata } = await queries.applications.findApplicationById(id);
+      const { type, protectedAppMetadata, isThirdParty } =
+        await queries.applications.findApplicationById(id);
 
       if (type === ApplicationType.SAML) {
         throw new RequestError('application.saml.use_saml_app_api');
@@ -383,6 +390,11 @@ export default function applicationRoutes<T extends ManagementApiRouter>(
         void quota.reportSubscriptionUpdatesUsage('machineToMachineLimit');
       }
 
+      // TODO: remove this dev feature guard when new pro plan and add-on skus are ready.
+      if (EnvSet.values.isDevFeaturesEnabled && isThirdParty) {
+        void quota.reportSubscriptionUpdatesUsage('thirdPartyApplicationsLimit');
+      }
+
       return next();
     }
   );

packages/core/src/routes/role.test.ts

@@ -169,6 +169,7 @@ describe('role routes', () => {
   });
 
   it('DELETE /roles/:id', async () => {
+    findRoleById.mockResolvedValueOnce(mockAdminUserRole);
     const response = await roleRequester.delete(`/roles/${mockAdminUserRole.id}`);
     expect(response.status).toEqual(204);
     expect(deleteRoleById).toHaveBeenCalledWith(mockAdminUserRole.id);

packages/core/src/routes/role.ts

@@ -12,6 +12,8 @@ import koaRoleRlsErrorHandler from '#src/middleware/koa-role-rls-error-handler.j
 import assertThat from '#src/utils/assert-that.js';
 import { parseSearchParamsForSearch } from '#src/utils/search.js';
 
+import { EnvSet } from '../env-set/index.js';
+
 import roleApplicationRoutes from './role.application.js';
 import roleUserRoutes from './role.user.js';
 import type { ManagementApiRouter, RouterInitArgs } from './types.js';
@@ -179,6 +181,13 @@ export default function roleRoutes<T extends ManagementApiRouter>(
         );
       }
 
+      // TODO: remove this dev feature guard when new pro plan and add-on skus are ready.
+      if (EnvSet.values.isDevFeaturesEnabled) {
+        void quota.reportSubscriptionUpdatesUsage(
+          role.type === RoleType.MachineToMachine ? 'machineToMachineRolesLimit' : 'userRolesLimit'
+        );
+      }
+
       ctx.body = role;
 
       // Hook context must be triggered after the response is set.
@@ -258,7 +267,18 @@ export default function roleRoutes<T extends ManagementApiRouter>(
       const {
         params: { id },
       } = ctx.guard;
+
+      // Check if role is available, and get role type before deleting the role
+      const role = await findRoleById(id);
+
       await deleteRoleById(id);
+
+      if (EnvSet.values.isDevFeaturesEnabled) {
+        void quota.reportSubscriptionUpdatesUsage(
+          role.type === RoleType.MachineToMachine ? 'machineToMachineRolesLimit' : 'userRolesLimit'
+        );
+      }
+
       ctx.status = 204;
 
       return next();

packages/core/src/routes/saml-application/index.ts

@@ -128,6 +128,11 @@ export default function samlApplicationRoutes<T extends ManagementApiRouter>(
           }),
         ]);
 
+        // TODO: remove this dev feature guard when new pro plan and add-on skus are ready.
+        if (EnvSet.values.isDevFeaturesEnabled) {
+          void quota.reportSubscriptionUpdatesUsage('samlApplicationsLimit');
+        }
+
         ctx.status = 201;
         ctx.body = ensembleSamlApplication({ application, samlConfig });
       } catch (error) {
@@ -200,6 +205,11 @@ export default function samlApplicationRoutes<T extends ManagementApiRouter>(
 
       await deleteApplicationById(id);
 
+      // TODO: remove this dev feature guard when new pro plan and add-on skus are ready.
+      if (EnvSet.values.isDevFeaturesEnabled) {
+        void quota.reportSubscriptionUpdatesUsage('samlApplicationsLimit');
+      }
+
       ctx.status = 204;
 
       return next();

packages/core/src/utils/subscription/types.ts

@@ -1,8 +1,11 @@
 import type router from '@logto/cloud/routes';
 import { type ToZodObject } from '@logto/connector-kit';
+import { conditional } from '@silverhand/essentials';
 import { type RouterRoutes } from '@withtyped/client';
 import { z, type ZodType } from 'zod';
 
+import { EnvSet } from '../../env-set/index.js';
+
 type GetRoutes = RouterRoutes<typeof router>['get'];
 type PostRoutes = RouterRoutes<typeof router>['post'];
 
@@ -48,6 +51,13 @@ export type ReportSubscriptionUpdatesUsageKey = Exclude<
   'organizationsEnabled'
 >;
 
+const newAddedReportableUsageKeys = Object.freeze([
+  'thirdPartyApplicationsLimit',
+  'userRolesLimit',
+  'machineToMachineRolesLimit',
+  'samlApplicationsLimit',
+] satisfies Array<keyof SubscriptionQuota>);
+
 // Have to manually define this variable since we can only get the literal union from the @logto/cloud/routes module.
 export const allReportSubscriptionUpdatesUsageKeys = Object.freeze([
   'machineToMachineLimit',
@@ -58,6 +68,8 @@ export const allReportSubscriptionUpdatesUsageKeys = Object.freeze([
   'enterpriseSsoLimit',
   'hooksLimit',
   'securityFeaturesEnabled',
+  // TODO: Remove this dev feature guard once new pro plan is ready for production
+  ...(conditional(EnvSet.values.isDevFeaturesEnabled && newAddedReportableUsageKeys) ?? []),
 ]) satisfies readonly ReportSubscriptionUpdatesUsageKey[];
 
 const subscriptionStatusGuard = z.enum([