firebase auth, firestore credits, free mode — shipped to production

swapped the simulated sign-in for real firebase google auth using signInWithPopup. added onAuthStateChanged listener so auth persists on refresh. built the firestore credit system — loadOrCreateUser checks if the user doc exists, creates one with 0 credits if not. freeUsedToday tracks the 1-per-day limit as a date string.

free mode now actually works: netlify function (fetch-proxy.js) fetches the URL server-side to bypass CORS, client-side cleaning strips scripts, noscript, tracking pixels, and known tracker domains. preview renders via iframe srcdoc. download button creates a real blob and triggers a file save.

deployed to netlify. hit the exposed secrets scanner blocking the build — firebase API keys start with AIza which triggers it. fix was adding SECRETS_SCAN_SMART_DETECTION_ENABLED=false as an env var. domain sitesnapshot.org bought and connected via netlify DNS. firebase authorized domains updated for both the netlify subdomain and the custom domain.

still simulated: AI mode results, screenshot mode, stripe checkout. those are next.