Refresh open threads with completed billing, auth, onboarding, and dashboard work

OPEN_THREADS.md

@@ -100,16 +100,17 @@ Completed:
 - console routing corrected
 - control plane switched to IP-based service communication
 - Velocity rehydration uses DB + Redis instead of Proxmox live state
-- billing foundation added to Prisma/User model (`stripeCustomerId`, `subscriptionStatus`, `plan`)
-- migration history drift reconciled cleanly without DB reset
-- Stripe sandbox checkout flow now reaches Stripe successfully for a normal test user
-- Stripe customer ID persistence works
+- Stripe webhook delivery/reachability fixed via public billing hostname
+- webhook-driven persistence of billing state (`subscriptionStatus`, `plan`)
+- billing page/API alignment for active state and Stripe portal flow
+- direct in-app plan upgrade endpoint (`/api/billing/upgrade`)
+- direct in-app plan downgrade scheduling endpoint (`/api/billing/downgrade`)
+- persisted billing fields for `currentPeriodEnd`, `lastInvoicePaidAt`, `billingSyncedAt`
+- persisted scheduled downgrade state (`scheduledPlan`, `scheduledPlanEffectiveAt`)
+- plan-based quota enforcement in `POST /api/instances`
+- password reset request + confirm flow implemented
 
 Outstanding:
-- Stripe webhook delivery/reachability for non-public API path
-- webhook-driven persistence of `subscriptionStatus` and `plan`
-- password reset flow verification
-- usage limits / quota enforcement
 - simplify and harden host-native `devProxy`
 - dev runtime catalog endpoint for portal
 - Headscale auth key generation
@@ -126,16 +127,19 @@ Completed:
 - dev file browser support
 - site copy rewrite
 - pricing page updated
-- billing page/auth compatibility work started for API v2 billing state
+- billing page aligned with API v2 billing state
+- honest Stripe portal section with single portal CTA
+- in-app Basic → Pro upgrade wiring
+- in-app Pro → Basic scheduled downgrade wiring
+- quota/limit messaging on create flow with billing upgrade guidance
+- forgot-password + reset-password pages and login linkage
+- first-login onboarding modal with quick/full tour and skip
+- dashboard IA refresh: spotlight server card replaces duplicate mini-listing
 
 Outstanding:
 - confirm "Open IDE" button fully uses hosted URL flow
 - SSH config snippet for power users
-- user onboarding flow
 - email notifications
-- finish portal billing page alignment with API v2 (`/api/billing`, checkout redirect, billing-exempt/admin handling, trialing/active states)
-- dashboard information architecture refresh — remove or rethink duplicate resource overview/cards
-- implement "spotlight server" carousel on dashboard (rotating single server card with status/players, click-through to console)
 - remove `testdaemon` binary from repo root
 
 ---
@@ -171,15 +175,11 @@ Optional / Nonessential:
 ## Pre-Launch Checklist
 
 Outstanding before launch:
-- Billing / Stripe integration (webhook delivery + state persistence still pending)
 - game server world backup / restore
-- user onboarding flow
-- password reset flow verification
-- usage limits / quota enforcement
 - game server subdomain verification
 - email notifications
 - upload testing
-- billing endpoints
+- billing endpoint/path cleanup verification
 - stress testing: k6 IDE + Minecraft bot + code-server memory baseline
 - OPNsense audit
 - Fabric readiness gating full validation
@@ -229,3 +229,8 @@ Future work:
 - system stabilization after migration
 - IP-based control plane
 - Velocity startup rehydrate fixed and validated on happy path
+- billing / Stripe webhook delivery and persistence
+- password reset flow
+- usage limits / quota enforcement
+- user onboarding flow
+- dashboard spotlight server IA refresh