Grant Ultra subscribers access to claude-code repo

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: simonhamp

app/Http/Controllers/GitHubIntegrationController.php

@@ -167,8 +167,8 @@ public function requestClaudePluginsAccess(): RedirectResponse
         // Check if user has a Plugin Dev Kit license or is an Ultra team member
         $pluginDevKit = Product::where('slug', 'plugin-dev-kit')->first();
 
-        if (! $user->isUltraTeamMember() && (! $pluginDevKit || ! $user->hasProductLicense($pluginDevKit))) {
-            return back()->with('error', 'You need a Plugin Dev Kit license or Ultra team membership to access the claude-code repository.');
+        if (! $user->hasActiveUltraSubscription() && ! $user->isUltraTeamMember() && (! $pluginDevKit || ! $user->hasProductLicense($pluginDevKit))) {
+            return back()->with('error', 'You need a Plugin Dev Kit license, Ultra subscription, or Ultra team membership to access the claude-code repository.');
         }
 
         $github = GitHubOAuth::make();

app/Listeners/StripeWebhookReceivedListener.php

@@ -5,6 +5,7 @@
 use App\Jobs\CreateUserFromStripeCustomer;
 use App\Jobs\HandleInvoicePaidJob;
 use App\Jobs\RemoveDiscordMaxRoleJob;
+use App\Jobs\RevokeTeamUserAccessJob;
 use App\Jobs\SuspendTeamJob;
 use App\Jobs\UnsuspendTeamJob;
 use App\Models\User;
@@ -77,6 +78,7 @@ private function handleSubscriptionDeleted(WebhookReceived $event): void
         $this->removeDiscordRoleIfNoMaxLicense($user);
 
         dispatch(new SuspendTeamJob($user->id));
+        dispatch(new RevokeTeamUserAccessJob($user->id));
     }
 
     private function handleSubscriptionUpdated(WebhookReceived $event): void
@@ -101,6 +103,7 @@ private function handleSubscriptionUpdated(WebhookReceived $event): void
         if (in_array($status, ['canceled', 'unpaid', 'past_due', 'incomplete_expired'])) {
             $this->removeDiscordRoleIfNoMaxLicense($user);
             dispatch(new SuspendTeamJob($user->id));
+            dispatch(new RevokeTeamUserAccessJob($user->id));
         }
 
         // Detect reactivation: status changed to active from a non-active state

resources/views/livewire/claude-plugins-access-banner.blade.php

@@ -2,7 +2,7 @@
 @php
     $user = auth()->user();
     $pluginDevKit = \App\Models\Product::where('slug', 'plugin-dev-kit')->first();
-    $hasLicense = $pluginDevKit && $user->hasProductLicense($pluginDevKit);
+    $hasLicense = ($pluginDevKit && $user->hasProductLicense($pluginDevKit)) || $user->hasActiveUltraSubscription();
 @endphp
 
 @if($hasLicense)

resources/views/livewire/customer/integrations.blade.php

@@ -28,7 +28,7 @@
         <flux:heading>About Integrations</flux:heading>
         <div class="mt-4 prose dark:prose-invert prose-sm max-w-none">
             <ul class="list-disc list-inside space-y-2">
-                <li><strong>GitHub:</strong> Max license holders can access the private <code>nativephp/mobile</code> repository. Plugin Dev Kit license holders can access <code>nativephp/claude-code</code>.</li>
+                <li><strong>GitHub:</strong> Max license holders can access the private <code>nativephp/mobile</code> repository. Plugin Dev Kit license holders and Ultra subscribers can access <code>nativephp/claude-code</code>.</li>
                 <li><strong>Discord:</strong> Max license holders receive a special "Max" role in the NativePHP Discord server.</li>
             </ul>
             <p class="mt-4">

tests/Feature/UltraClaudeCodeAccessTest.php

@@ -0,0 +1,192 @@
+<?php
+
+namespace Tests\Feature;
+
+use App\Enums\Subscription;
+use App\Jobs\RevokeTeamUserAccessJob;
+use App\Listeners\StripeWebhookReceivedListener;
+use App\Models\Product;
+use App\Models\ProductLicense;
+use App\Models\User;
+use Illuminate\Foundation\Testing\RefreshDatabase;
+use Illuminate\Support\Facades\Http;
+use Illuminate\Support\Facades\Queue;
+use Laravel\Cashier\Events\WebhookReceived;
+use Laravel\Cashier\Subscription as CashierSubscription;
+use Tests\TestCase;
+
+class UltraClaudeCodeAccessTest extends TestCase
+{
+    use RefreshDatabase;
+
+    private const MAX_PRICE_ID = 'price_test_max_yearly';
+
+    protected function setUp(): void
+    {
+        parent::setUp();
+
+        config(['subscriptions.plans.max.stripe_price_id' => self::MAX_PRICE_ID]);
+    }
+
+    private function createUltraUser(): User
+    {
+        $user = User::factory()->create(['stripe_id' => 'cus_'.uniqid()]);
+
+        CashierSubscription::factory()->for($user)->active()->create([
+            'stripe_price' => self::MAX_PRICE_ID,
+        ]);
+
+        return $user;
+    }
+
+    // ========================================
+    // Banner Visibility Tests
+    // ========================================
+
+    public function test_ultra_subscriber_sees_claude_plugins_banner(): void
+    {
+        Http::fake(['github.com/*' => Http::response([], 200)]);
+
+        $user = $this->createUltraUser();
+
+        $response = $this->actingAs($user)->get(route('customer.integrations'));
+
+        $response->assertStatus(200);
+        $response->assertSee('Repo Access');
+    }
+
+    public function test_plugin_dev_kit_license_holder_sees_claude_plugins_banner(): void
+    {
+        Http::fake(['github.com/*' => Http::response([], 200)]);
+
+        $user = User::factory()->create();
+        $product = Product::factory()->create(['slug' => 'plugin-dev-kit']);
+        ProductLicense::factory()->create([
+            'user_id' => $user->id,
+            'product_id' => $product->id,
+        ]);
+
+        $response = $this->actingAs($user)->get(route('customer.integrations'));
+
+        $response->assertStatus(200);
+        $response->assertSee('Repo Access');
+    }
+
+    public function test_non_ultra_non_licensed_user_does_not_see_claude_plugins_banner(): void
+    {
+        $user = User::factory()->create();
+
+        $response = $this->actingAs($user)->get(route('customer.integrations'));
+
+        $response->assertStatus(200);
+        $response->assertDontSee('Repo Access');
+    }
+
+    // ========================================
+    // Request Access Tests
+    // ========================================
+
+    public function test_ultra_subscriber_can_request_claude_plugins_access(): void
+    {
+        Http::fake(['github.com/*' => Http::response([], 201)]);
+
+        $user = $this->createUltraUser();
+        $user->update(['github_username' => 'ultrauser']);
+
+        $response = $this->actingAs($user)
+            ->post(route('github.request-claude-plugins-access'));
+
+        $response->assertSessionHas('success');
+        $this->assertNotNull($user->fresh()->claude_plugins_repo_access_granted_at);
+    }
+
+    public function test_non_ultra_non_licensed_user_cannot_request_claude_plugins_access(): void
+    {
+        $user = User::factory()->create(['github_username' => 'someuser']);
+
+        $response = $this->actingAs($user)
+            ->post(route('github.request-claude-plugins-access'));
+
+        $response->assertSessionHas('error');
+        $this->assertNull($user->fresh()->claude_plugins_repo_access_granted_at);
+    }
+
+    // ========================================
+    // Subscription Revocation Tests
+    // ========================================
+
+    public function test_revoke_job_dispatched_when_subscription_deleted(): void
+    {
+        Queue::fake();
+
+        $user = $this->createUltraUser();
+
+        $event = new WebhookReceived([
+            'type' => 'customer.subscription.deleted',
+            'data' => [
+                'object' => [
+                    'customer' => $user->stripe_id,
+                ],
+            ],
+        ]);
+
+        $listener = new StripeWebhookReceivedListener;
+        $listener->handle($event);
+
+        Queue::assertPushed(RevokeTeamUserAccessJob::class, function ($job) use ($user) {
+            return $job->userId === $user->id;
+        });
+    }
+
+    public function test_revoke_job_dispatched_when_subscription_canceled(): void
+    {
+        Queue::fake();
+
+        $user = $this->createUltraUser();
+
+        $event = new WebhookReceived([
+            'type' => 'customer.subscription.updated',
+            'data' => [
+                'object' => [
+                    'customer' => $user->stripe_id,
+                    'status' => 'canceled',
+                ],
+                'previous_attributes' => [
+                    'status' => 'active',
+                ],
+            ],
+        ]);
+
+        $listener = new StripeWebhookReceivedListener;
+        $listener->handle($event);
+
+        Queue::assertPushed(RevokeTeamUserAccessJob::class, function ($job) use ($user) {
+            return $job->userId === $user->id;
+        });
+    }
+
+    public function test_revoke_job_not_dispatched_when_subscription_reactivated(): void
+    {
+        Queue::fake();
+
+        $user = $this->createUltraUser();
+
+        $event = new WebhookReceived([
+            'type' => 'customer.subscription.updated',
+            'data' => [
+                'object' => [
+                    'customer' => $user->stripe_id,
+                    'status' => 'active',
+                ],
+                'previous_attributes' => [
+                    'status' => 'canceled',
+                ],
+            ],
+        ]);
+
+        $listener = new StripeWebhookReceivedListener;
+        $listener->handle($event);
+
+        Queue::assertNotPushed(RevokeTeamUserAccessJob::class);
+    }
+}