elb's flag_val only matches --key=value, not --key value.
All three workflows were passing flags space-separated which
elb silently ignored, causing 'cannot locate el_runtime.c'.
PR builds can't pull ci-base (no GCP secrets on pull_request events).
dev.yaml falls back to committed bin/ + runtime/ instead.
Extracted from ci-base:latest (sdk-release.yaml run 1411).
When a user hits the 10-question limit, the header countdown flips from
'0 questions left' to a live 'resets in HH:MM:SS' ticker counting to
midnight UTC. Clears automatically when the session resets.
- stage.yaml and deploy.yaml now extract El SDK from ci-base (docker cp /opt/el) and run elb build to produce dist/neuron-landing
- JS El sources compiled via elc --target=js in a dedicated step, matching dev.yaml exactly
- build-stage.sh replaced with thin elb wrapper for local dev use
- Removes the broken "Set up El SDK" stub (echo EL_HOME) and old build-stage.sh invocation from both workflows
Free tier:
- checkout-stripe.el bails out immediately for plan=free (no Stripe init)
- checkout-auth.el skips payment section reveal and initStripe for free plan
- checkout-free.el shows #free-success panel after auth (no card ever shown)
- /api/payment-intent returns early for free plan — no Stripe call
Stripe dedup (all paid plans):
- Stripe init now deferred to window.initStripe(email, name), called by
checkout-auth.el after sign-in — email is known before intent is created
- /api/payment-intent finds-or-creates Stripe Customer by email before
creating the PaymentIntent/SetupIntent and attaches customer upfront
- Eliminates the window between intent creation and /api/link-customer
that was producing duplicate guest customers
Root cause: the staged el_runtime.c (from el.git) wraps the entire OTLP
observability section (emit_metric, emit_log, trace_span_start/end) in
#ifdef HAVE_CURL. Without -DHAVE_CURL, those symbols are compiled out,
causing the undefined reference linker errors.
libcurl IS available (installed via libcurl4-openssl-dev), so -DHAVE_CURL
correctly enables the OTLP code path.
Also reverts the soul-demo compile to use el_runtime.o (the pre-compiled
cached object) now that the object will contain the correct symbols.
soul-demo.c was previously an older compiled artifact that triggered an
undefined reference to emit_metric/emit_log/trace_span_* at link time in CI.
Two fixes:
1. Rebuild soul-demo.c from soul-demo.el using current elc — cleaner
codegen (no double-wrapped el_from_float), same logic, unix_timestamp
collision with el_runtime.c removed.
2. Dockerfile.stage: compile soul-demo against el_runtime.c directly
(not el_runtime.o) so all runtime symbols are always resolved from the
staged source, bypassing any Docker layer cache divergence on el_runtime.o.
- Turnstile server-side verification: reject requests with no cf_token;
read secret from TURNSTILE_SECRET_KEY env (no longer hardcoded); fix
siteverify URL from v0 to v1
- Security headers: wrap all responses via http_response() with HSTS,
X-Content-Type-Options, X-Frame-Options, Referrer-Policy,
Permissions-Policy, and Content-Security-Policy
- GCS error info leak: guard /share/<id> response — only return content
that starts with '<' (valid HTML); GCS error JSON is silently 404d
- robots.txt: remove Sitemap reference to sitemap.xml that returns 404
- SRI hash: add integrity + crossorigin attributes to marked.min.js CDN tag
- Attestations bucket: write /api/attest records to GCS_ATTEST_BUCKET
(dedicated private bucket) instead of the share bucket; falls back to
GCS_SHARE_BUCKET if GCS_ATTEST_BUCKET is not set (legacy deploys)
elb compiles each .el source independently (per-file codegen),
avoiding the exponential memory growth from concatenating all sources
into main-combined.el and feeding it to elc in one shot.
- dev.yaml: replace build-stage.sh with elb build + per-file JS elc
- Dockerfile.stage: COPY dist/neuron-landing (elb binary) directly
instead of compiling from pre-generated main.c. soul-demo stays as
cc compilation (small file, no risk).
The El repo only has a darwin arm64 elc binary. The v1.2.1 linux
binary predates native HTML template syntax. Compile elc.c (the
committed C source of the El compiler) on linux/amd64 in CI to
get a native binary that supports the new syntax.
v1.2.1 elc (282KB) cannot compile native HTML template syntax
introduced in feat/native-el-templates. Clone El repo depth=1
to get the latest elc (486KB) that supports it. Set EL_HOME
to lang/ subdir.
El repo is organized under lang/ — runtime and dist/platform binaries
are at lang/el-compiler/runtime/ and lang/dist/platform/, not at root.
Setting EL_HOME=$DEST/lang makes RUNTIME_SRC resolve correctly so
build-stage.sh can cp el_runtime.{c,h,js} from the right location.
Replace all return "..." HTML string literals with native El templates —
removes all \" escapes, converts + interpolations to {expr}/{raw(expr)},
and replaces conditional string concatenation with {#if}/{#else}/{/if}.
No functional changes; output is identical.
will.anderson
Will Anderson