tina4ruby 3.12.10 → 3.12.13

data/lib/tina4/mcp.rb

@@ -21,6 +21,7 @@
 require "json"
 require "socket"
 require "fileutils"
+require "open3"
 
 module Tina4
   # ── JSON-RPC 2.0 codec ────────────────────────────────────────────
@@ -457,7 +458,111 @@ module Tina4
       project_root = File.expand_path(Dir.pwd)
 
       # ── Helpers ────────────────────────────────────────
+      # Append a structured line to `.tina4/agent.log` AND echo to STDERR.
+      # Mirrors the Python `_agent_log` helper so a single log file
+      # captures every agent action regardless of which side of the
+      # stack performed it. Cheap — never blocks the caller on I/O
+      # failure.
+      agent_log = lambda do |category, message|
+        begin
+          log_dir = File.join(project_root, ".tina4")
+          FileUtils.mkdir_p(log_dir)
+          log_path = File.join(log_dir, "agent.log")
+          ts = Time.now.utc.strftime("%Y-%m-%dT%H:%M:%SZ")
+          File.open(log_path, "a") { |f| f.write("#{ts} [#{category}] #{message}\n") }
+        rescue
+          # logging must never fail the actual call
+        end
+        warn "  [agent #{category}] #{message}"
+      end
+
+      # Paths that look like prose rather than filesystem paths. AI
+      # agents occasionally pass natural language ("The plan requires
+      # implementing...") as `path` to file_write and produce folders
+      # with prose for names. Returns an error string on rejection,
+      # nil on acceptance.
+      sane_path_segment = /\A[A-Za-z0-9._\-]+\z/
+      looks_like_prose = lambda do |rel_path|
+        if rel_path.nil? || rel_path.strip.empty?
+          break "path is empty"
+        end
+        if rel_path.length > 300
+          break "path too long (#{rel_path.length} chars); use a real filename"
+        end
+        bad_sequences = ["`", "\n", "\t", "  ", " — ", " (", " [", "?", "*", "<", ">", "|"]
+        bad_hit = bad_sequences.find { |bad| rel_path.include?(bad) }
+        if bad_hit
+          break "path contains illegal character sequence #{bad_hit.inspect} — looks like prose, not a filename"
+        end
+        segment_error = nil
+        rel_path.split("/").each do |seg|
+          next if seg.empty? || seg == "." || seg == ".."
+          if seg.length > 80
+            segment_error = "path segment too long: #{seg[0, 60].inspect}… — use a short filename"
+            break
+          end
+          unless sane_path_segment.match?(seg)
+            segment_error = "path segment #{seg.inspect} contains disallowed characters — stick to [A-Za-z0-9._-]"
+            break
+          end
+        end
+        segment_error
+      end
+
+      # Rewrite bare top-level Tina4-conventional directories into
+      # their `src/<dir>/` canonical form. The framework's
+      # auto-discovery only scans `src/`, so a file at
+      # `templates/foo.twig` is dead weight — the framework never
+      # loads it. Mirrors normalize_coder_path() in the Python agent.
+      normalize_coder_path = lambda do |rel_path|
+        passthrough_prefixes = ["src/", "migrations/", "plan/", "tests/",
+                                "test/", ".tina4/"]
+        passthrough_files = %w[app.py app.ts app.rb index.php composer.json
+                               package.json Gemfile pyproject.toml
+                               requirements.txt .env .env.example]
+        if passthrough_prefixes.any? { |p| rel_path.start_with?(p) }
+          next rel_path
+        end
+        if passthrough_files.include?(rel_path)
+          next rel_path
+        end
+        %w[routes orm templates seeds controllers models middleware].each do |d|
+          if rel_path.start_with?("#{d}/")
+            rewritten = "src/#{rel_path}"
+            agent_log.call("write.path_normalized", "#{rel_path} → #{rewritten}")
+            return rewritten
+          end
+        end
+        rel_path
+      end
+
+      # Copy `target` into `.tina4/backups/` with a timestamped name.
+      # Returns the relative backup path on success, nil on failure.
+      agent_backup = lambda do |target|
+        begin
+          next nil unless File.file?(target)
+          backup_dir = File.join(project_root, ".tina4", "backups")
+          FileUtils.mkdir_p(backup_dir)
+          rel = if target.start_with?("#{project_root}/")
+                  target.sub("#{project_root}/", "")
+                else
+                  File.basename(target)
+                end
+          safe = rel.gsub("/", "__").gsub("\\", "__")
+          ts = Time.now.utc.strftime("%Y-%m-%dT%H-%M-%SZ")
+          backup_name = "#{safe}.#{ts}.bak"
+          backup_path = File.join(backup_dir, backup_name)
+          File.binwrite(backup_path, File.binread(target))
+          ".tina4/backups/#{backup_name}"
+        rescue => e
+          agent_log.call("write.backup_failed", "#{target}: #{e.message}")
+          nil
+        end
+      end
+
       safe_path = lambda do |rel_path|
+        err = looks_like_prose.call(rel_path)
+        raise ArgumentError, "Invalid path #{rel_path.inspect}: #{err}" if err
         resolved = File.expand_path(rel_path, project_root)
         unless resolved.start_with?(project_root)
           raise ArgumentError, "Path escapes project directory: #{rel_path}"
@@ -465,6 +570,52 @@ module Tina4
         resolved
       end
 
+      # Try `ruby -c` on a freshly-written Ruby file to catch syntax
+      # errors BEFORE the next request hits the broken handler.
+      # Mirrors _verify_python_import() in tina4_python/mcp/tools.py.
+      #
+      # Returns nil on success (or when verification is skipped), or
+      # the captured error string on failure. Only checks files under
+      # src/ that end in .rb — skips spec_helper.rb, *_spec.rb, and
+      # test_*.rb because those have their own loading patterns
+      # (mirrors Python's skip of __init__.py / conftest.py / test_*.py).
+      #
+      # Why this matters: the AI coder repeatedly produces Ruby with
+      # unclosed blocks, missing `end`, dangling parens. Running
+      # `ruby -c` right after write catches it inline and surfaces
+      # the real Ruby error in the file_write response — the LLM
+      # sees the error on its next turn and can retry with context.
+      verify_ruby_syntax = lambda do |rel_path|
+        next nil unless rel_path.end_with?(".rb")
+        next nil unless rel_path.start_with?("src/")
+        base = File.basename(rel_path)
+        next nil if base == "spec_helper.rb"
+        next nil if base.end_with?("_spec.rb")
+        next nil if base.start_with?("test_")
+
+        abs_path = File.expand_path(rel_path, project_root)
+        begin
+          stdout, stderr, status = Open3.capture3("ruby", "-c", abs_path)
+        rescue StandardError => e
+          next "verification subprocess failed: #{e.message}"
+        end
+
+        next nil if status.success?
+
+        # Pull the first meaningful stderr line — ruby -c emits
+        # "<file>:<line>: syntax error, ...". Strip the absolute
+        # path prefix for readability.
+        err_lines = (stderr || "").strip.split("\n")
+        if err_lines.empty?
+          next "syntax check failed (exit #{status.exitstatus}, no stderr)"
+        end
+        line = err_lines.first.strip
+        # Strip the absolute project_root prefix so the error reads
+        # as "src/routes/foo.rb:3: syntax error, ..." instead of the
+        # full /Users/... path.
+        line.sub("#{project_root}/", "")
+      end
+
       redact_env = lambda do |key, value|
         sensitive = %w[secret password token key credential api_key]
         if sensitive.any? { |s| key.downcase.include?(s) }
@@ -549,12 +700,55 @@ module Tina4
       }, "Read a project file")
 
       server.register_tool("file_write", lambda { |path:, content:|
+        # 1. Coder-path normalization — rewrite bare top-level Tina4
+        #    directories (templates/, routes/, orm/, ...) into their
+        #    src/ canonical form before resolving.
+        path = normalize_coder_path.call(path)
+        # 2. safe_path runs looks_like_prose then sandbox check.
         p = safe_path.call(path)
+
+        old_bytes = File.file?(p) ? File.binread(p) : ""
+        old_size = old_bytes.bytesize
+        old_lines = old_bytes.count("\n")
+        new_bytes = content.to_s
+        new_size = new_bytes.bytesize
+        new_lines = new_bytes.count("\n")
+        rel = p.start_with?("#{project_root}/") ? p.sub("#{project_root}/", "") : path
+
+        # 3. Truncation guard — refuse suspicious shrinkage on
+        #    non-trivial files (>200B → <30% of size).
+        if old_size > 200 && (new_size * 100) < (old_size * 30)
+          msg = "REFUSED #{rel} (would shrink #{old_size} → #{new_size} bytes / " \
+                "#{old_lines} → #{new_lines} lines, looks truncated)"
+          agent_log.call("write.refused", msg)
+          next { "error" => msg, "refused" => true, "old_bytes" => old_size, "new_bytes" => new_size }
+        end
+
+        # 4. Backup before overwrite.
+        backup_rel = old_size > 0 ? agent_backup.call(p) : nil
+
         FileUtils.mkdir_p(File.dirname(p))
-        File.write(p, content, encoding: "utf-8")
-        rel = p.sub("#{project_root}/", "")
-        { "written" => rel, "bytes" => content.bytesize }
-      }, "Write or update a project file")
+        File.write(p, new_bytes, encoding: "utf-8")
+
+        # 5. Audit log.
+        agent_log.call("write.ok",
+                       "#{rel} (#{old_size}B/#{old_lines}L → #{new_size}B/#{new_lines}L, " \
+                       "backup: #{backup_rel || '(no prior file)'})")
+
+        result = { "written" => rel, "bytes" => new_size }
+        result["backup"] = backup_rel if backup_rel
+
+        # 6. Post-write syntax check — catch hallucinated Ruby
+        #    (missing `end`, unclosed parens, etc.) before the next
+        #    request hits the broken handler.
+        err = verify_ruby_syntax.call(rel)
+        if err
+          result["import_error"] = err
+          agent_log.call("write.import_failed", "#{rel}: #{err}")
+        end
+
+        result
+      }, "Write or update a project file (with backup, truncation guard, audit log)")
 
       server.register_tool("file_list", lambda { |path: "."|
         p = safe_path.call(path)
@@ -706,25 +900,58 @@ module Tina4
 
       # ── File patch ────────────────────────────────────
       server.register_tool("file_patch", lambda { |path:, old_string:, new_string:, count: 1|
+        # 1. Normalize, 2. safe_path (which runs the prose check).
+        path = normalize_coder_path.call(path)
         p = safe_path.call(path)
-        return { "error" => "File not found: #{path}" } unless File.file?(p)
+
+        # 3. Existence check.
+        next { "error" => "File not found: #{path}" } unless File.file?(p)
+
         original = File.read(p, encoding: "utf-8")
         occurrences = original.scan(old_string).size
-        return { "error" => "old_string not found in #{path}" } if occurrences.zero?
+
+        # 4. Match-count guard (already-existing behaviour).
+        next { "error" => "old_string not found in #{path}" } if occurrences.zero?
         if occurrences != count.to_i
-          return { "error" => "old_string appears #{occurrences} times, expected #{count}. Expand old_string to make it unique, or set count explicitly." }
+          next({ "error" => "old_string appears #{occurrences} times, expected #{count}. Expand old_string to make it unique, or set count explicitly." })
         end
+
         updated = original.sub(old_string, new_string)
         # Ruby String#sub replaces first; if count > 1, do N replacements
         if count.to_i > 1
           updated = original.dup
           count.to_i.times { updated.sub!(old_string, new_string) }
         end
+
+        rel = p.start_with?("#{project_root}/") ? p.sub("#{project_root}/", "") : path
+
+        # 5. Backup before overwrite — same path layout as file_write
+        #    so recovery is uniform regardless of which tool touched
+        #    the file.
+        backup_rel = agent_backup.call(p)
+
         File.write(p, updated, encoding: "utf-8")
-        rel = p.sub("#{project_root}/", "")
+
         Tina4::Plan.record_action("patched", rel) if defined?(Tina4::Plan)
-        { "patched" => rel, "replacements" => count.to_i, "bytes" => updated.bytesize }
-      }, "Targeted edit: replace old_string with new_string in a file")
+
+        old_size = original.bytesize
+        new_size = updated.bytesize
+        agent_log.call("patch.ok",
+                       "#{rel} (replaced #{count.to_i}× old_string, " \
+                       "#{old_size}B → #{new_size}B, backup: #{backup_rel || '(none)'})")
+
+        result = { "patched" => rel, "replacements" => count.to_i, "bytes" => new_size }
+        result["backup"] = backup_rel if backup_rel
+
+        # Post-patch syntax check — same rationale as file_write.
+        err = verify_ruby_syntax.call(rel)
+        if err
+          result["import_error"] = err
+          agent_log.call("patch.import_failed", "#{rel}: #{err}")
+        end
+
+        result
+      }, "Targeted edit: replace old_string with new_string in a file (with backup + audit log)")
 
       # ── Docs tools ────────────────────────────────────
       framework_doc_paths = lambda do

data/lib/tina4/plan.rb

@@ -125,23 +125,51 @@ module Tina4
 
       # ── Public API ─────────────────────────────────────────────
 
+      # All plan files — merged from `plan/` (user-curated) and
+      # `.tina4/plans/` (where the Rust supervisor's planner writes).
+      #
+      # Two directories exist because of a historic split: the framework
+      # treats `plan/` as the canonical project location, but the Rust
+      # agent's planner writes to `.tina4/plans/` (alongside other
+      # AI-state artefacts like chat history). Until those are unified we
+      # read both so plans created either way are discoverable. Dedup by
+      # filename — plan/ wins on collision. Sorted newest-first by
+      # filename (filenames start with unix timestamps).
       def list_plans
-        d = plan_dir
         cur = current_name || ""
+        # Order matters for dedup: user-curated plan/ first, then .tina4/plans/.
+        dirs = []
+        primary = File.join(project_root, PLAN_DIR)
+        dirs << primary if Dir.exist?(primary)
+        rust_plans = File.join(project_root, ".tina4", "plans")
+        dirs << rust_plans if Dir.exist?(rust_plans)
+
+        seen = {}
         out = []
-        Dir.glob(File.join(d, "*.md")).sort.each do |path|
-          name = File.basename(path)
-          parsed = parse(File.read(path, encoding: "utf-8"))
-          total = parsed["steps"].size
-          done  = parsed["steps"].count { |s| s["done"] }
-          out << {
-            "name"        => name,
-            "title"       => parsed["title"].to_s.empty? ? File.basename(name, ".md") : parsed["title"],
-            "steps_total" => total,
-            "steps_done"  => done,
-            "is_current"  => name == cur
-          }
+        dirs.each do |dir|
+          Dir.glob(File.join(dir, "*.md")).sort.each do |path|
+            name = File.basename(path)
+            next if seen.key?(name) # plan/ wins over .tina4/plans/ on name clash
+            seen[name] = true
+            parsed = parse(File.read(path, encoding: "utf-8"))
+            total = parsed["steps"].size
+            done  = parsed["steps"].count { |s| s["done"] }
+            out << {
+              "name"        => name,
+              "title"       => parsed["title"].to_s.empty? ? File.basename(name, ".md") : parsed["title"],
+              "steps_total" => total,
+              "steps_done"  => done,
+              "is_current"  => name == cur,
+              # Relative path from project root — lets the SPA open the
+              # right file in the editor regardless of which dir the
+              # plan came from.
+              "path"        => path.sub("#{project_root}/", "")
+            }
+          end
         end
+        # Newest first by name (filenames start with unix timestamps).
+        out.sort_by! { |x| x["name"] }
+        out.reverse!
         out
       end
 

data/lib/tina4/public/__feedback/widget.js

@@ -0,0 +1,96 @@
+(function(){"use strict";(()=>{try{const t=window.location.pathname||"";return t.startsWith("/__dev")||t.startsWith("/__feedback")}catch{return!1}})()?console.info("tina4-feedback-widget: skipping on developer path"):window.__tina4FeedbackLoaded?console.warn("tina4-feedback-widget already loaded; skipping"):(window.__tina4FeedbackLoaded=!0,b());function b(){const c=(getComputedStyle(document.documentElement).getPropertyValue("--primary")||"").trim()||"#3b82f6";h(c);const l=m();document.body.appendChild(l);let e=null,u;const r=[];l.addEventListener("click",()=>{if(e){e.remove(),e=null,l.style.display="";return}e=g(),document.body.appendChild(e),l.style.display="none",setTimeout(()=>e?.querySelector("textarea")?.focus(),0)});function g(){const o=document.createElement("div");o.className="tina4-fb-modal",o.innerHTML=`
+      <div class="tina4-fb-head">
+        <span class="tina4-fb-title">Tell us what's not working</span>
+        <button type="button" class="tina4-fb-close" aria-label="Close">×</button>
+      </div>
+      <div class="tina4-fb-context">
+        <span>📍 ${p(location.pathname+location.search)}</span>
+        <span>📐 ${window.innerWidth}×${window.innerHeight}</span>
+      </div>
+      <div class="tina4-fb-chat" role="log"></div>
+      <form class="tina4-fb-form">
+        <textarea
+          rows="3"
+          placeholder="What's hard to use here? Be specific — which field, which button, what you expected."
+          aria-label="Feedback message"
+        ></textarea>
+        <button type="submit" class="tina4-fb-send">Send</button>
+      </form>
+    `,o.querySelector(".tina4-fb-close")?.addEventListener("click",()=>{o.remove(),e=null,l.style.display=""});const a=o.querySelector("form");return a.addEventListener("submit",n=>{n.preventDefault();const i=a.querySelector("textarea"),f=i.value.trim();f&&(i.value="",x(f))}),s(o),o}function s(o){const a=o.querySelector(".tina4-fb-chat");if(a){if(!r.length){a.innerHTML=`<div class="tina4-fb-hint">Your feedback lands directly with the team — no email loop. We'll ask a quick follow-up if we need to.</div>`;return}a.innerHTML=r.map(n=>`<div class="tina4-fb-msg ${n.role==="user"?"tina4-fb-user":"tina4-fb-ai"}">${p(n.text)}</div>`).join(""),a.scrollTop=a.scrollHeight}}async function x(o){if(!e)return;r.push({role:"user",text:o}),s(e),d(e,!0);const a={message:o,context:{url:location.pathname+location.search,viewport:`${window.innerWidth}x${window.innerHeight}`,ua:navigator.userAgent},conversation_id:u};let n;try{const i=await fetch("/__feedback/api/turn",{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify(a)});if(n=await i.json(),!i.ok){const f=n?.error||`HTTP ${i.status}`;r.push({role:"ai",text:`Couldn't send: ${f}`}),s(e),d(e,!1);return}}catch(i){r.push({role:"ai",text:`Network issue: ${i?.message||i}`}),s(e),d(e,!1);return}if("ask"in n)u=n.conversation_id,r.push({role:"ai",text:n.ask}),s(e),d(e,!1),e?.querySelector("textarea")?.focus();else if("final"in n)r.push({role:"ai",text:`Thanks — filed as: "${n.final.title}". The team will take it from here.`}),s(e),d(e,!1),u=void 0,r.length=0,setTimeout(()=>{e?.remove(),e=null,l.style.display=""},4500);else{const i=n?.error||"unexpected response";r.push({role:"ai",text:`Issue: ${i}`}),s(e),d(e,!1)}}function d(o,a){const n=o.querySelector(".tina4-fb-send"),i=o.querySelector("textarea");n&&(n.disabled=a,n.textContent=a?"Sending…":"Send"),i&&(i.disabled=a)}}function m(){const t=document.createElement("button");return t.type="button",t.className="tina4-fb-btn",t.setAttribute("aria-label","Send feedback"),t.innerHTML="💬",t.title="Tell us what's not working",t}function h(t){const c=document.createElement("style");c.id="tina4-fb-styles",c.textContent=`
+    .tina4-fb-btn {
+      position: fixed; bottom: 1.25rem; right: 1.25rem;
+      width: 48px; height: 48px; border-radius: 50%; border: none;
+      background: ${t}; color: white; font-size: 1.4rem;
+      box-shadow: 0 4px 12px rgba(0,0,0,0.18); cursor: pointer;
+      z-index: 2147483646; transition: transform 0.15s, box-shadow 0.15s;
+      display: flex; align-items: center; justify-content: center;
+      line-height: 1; padding: 0;
+    }
+    .tina4-fb-btn:hover { transform: scale(1.06); box-shadow: 0 6px 16px rgba(0,0,0,0.22); }
+    .tina4-fb-btn:active { transform: scale(0.96); }
+    .tina4-fb-modal {
+      position: fixed; bottom: 5rem; right: 1.25rem;
+      width: 340px; max-height: 480px; display: flex; flex-direction: column;
+      background: #1e1e2e; color: #cdd6f4;
+      border: 1px solid #313244; border-radius: 8px;
+      box-shadow: 0 8px 32px rgba(0,0,0,0.35);
+      font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", system-ui, sans-serif;
+      font-size: 0.85rem; z-index: 2147483647;
+      animation: tina4-fb-in 0.18s ease-out;
+    }
+    @keyframes tina4-fb-in {
+      from { opacity: 0; transform: translateY(8px); }
+      to   { opacity: 1; transform: translateY(0); }
+    }
+    .tina4-fb-head {
+      display: flex; align-items: center; justify-content: space-between;
+      padding: 0.6rem 0.8rem; border-bottom: 1px solid #313244;
+    }
+    .tina4-fb-title { font-weight: 600; font-size: 0.9rem; }
+    .tina4-fb-close {
+      background: transparent; border: none; color: #9399b2;
+      font-size: 1.4rem; line-height: 1; cursor: pointer; padding: 0 0.2rem;
+    }
+    .tina4-fb-close:hover { color: #cdd6f4; }
+    .tina4-fb-context {
+      display: flex; gap: 0.6rem; padding: 0.4rem 0.8rem;
+      font-size: 0.7rem; color: #9399b2;
+      border-bottom: 1px solid #313244;
+      font-family: ui-monospace, "SF Mono", Menlo, monospace;
+    }
+    .tina4-fb-chat {
+      flex: 1; overflow-y: auto; padding: 0.5rem 0.8rem;
+      display: flex; flex-direction: column; gap: 0.4rem;
+      min-height: 80px; max-height: 280px;
+    }
+    .tina4-fb-hint {
+      font-size: 0.75rem; color: #9399b2; line-height: 1.4; padding: 0.3rem 0;
+    }
+    .tina4-fb-msg {
+      padding: 0.4rem 0.6rem; border-radius: 6px;
+      max-width: 85%; word-wrap: break-word; line-height: 1.35;
+    }
+    .tina4-fb-user { align-self: flex-end; background: ${t}; color: white; }
+    .tina4-fb-ai   { align-self: flex-start; background: #313244; }
+    .tina4-fb-form {
+      display: flex; flex-direction: column; gap: 0.4rem;
+      padding: 0.5rem 0.8rem 0.8rem; border-top: 1px solid #313244;
+    }
+    .tina4-fb-form textarea {
+      width: 100%; box-sizing: border-box; resize: vertical;
+      min-height: 60px; font-family: inherit; font-size: 0.82rem;
+      padding: 0.4rem 0.5rem; border: 1px solid #313244;
+      background: #11111b; color: #cdd6f4; border-radius: 4px;
+      line-height: 1.3;
+    }
+    .tina4-fb-form textarea:focus {
+      outline: none; border-color: ${t};
+    }
+    .tina4-fb-send {
+      align-self: flex-end; padding: 0.35rem 0.9rem;
+      background: ${t}; color: white; border: none; border-radius: 4px;
+      font-size: 0.8rem; font-weight: 500; cursor: pointer;
+    }
+    .tina4-fb-send:disabled { opacity: 0.55; cursor: wait; }
+    .tina4-fb-send:hover:not(:disabled) { filter: brightness(1.1); }
+  `,document.head.appendChild(c)}function p(t){return t.replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;").replace(/"/g,"&quot;").replace(/'/g,"&#39;")}})();

data/lib/tina4/rack_app.rb

@@ -43,8 +43,18 @@ module Tina4
       path = env["PATH_INFO"] || "/"
       request_start = Process.clock_gettime(Process::CLOCK_MONOTONIC)
 
-      # Fast-path: OPTIONS preflight
-      return Tina4::CorsMiddleware.preflight_response(env) if method == "OPTIONS"
+      # Fast-path: CORS preflight. Real CORS preflight requests carry an
+      # Origin header AND an Access-Control-Request-Method header — the
+      # browser is asking "may I send this method?" before the actual
+      # request. If neither is present, the OPTIONS is a plain protocol-
+      # introspection request (link checker, monitoring probe, RFC 9110
+      # §9.3.7 OPTIONS) and must fall through to the router's generic
+      # Allow-header response. Otherwise we'd shadow the framework's own
+      # OPTIONS support and force every operator to hand-register CORS
+      # exceptions for every introspection client.
+      if method == "OPTIONS" && (env["HTTP_ORIGIN"] || env["HTTP_ACCESS_CONTROL_REQUEST_METHOD"])
+        return Tina4::CorsMiddleware.preflight_response(env)
+      end
 
       # WebSocket upgrade — match against registered ws_routes
       if websocket_upgrade?(env)
@@ -65,6 +75,15 @@ module Tina4
         return dev_response if dev_response
       end
 
+      # Customer feedback widget routes (parity with Python's /__feedback/*
+      # surface — see tina4/feedback.rb). Always available — the master
+      # switch (TINA4_ENABLE_FEEDBACK) is enforced INSIDE handle_request
+      # so route shape stays stable across environments.
+      if path.start_with?("/__feedback")
+        fb_response = Tina4::Feedback.handle_request(env)
+        return fb_response if fb_response
+      end
+
       # Fast-path: API routes skip static file + swagger checks entirely
       unless path.start_with?("/api/")
         # Swagger
@@ -87,8 +106,43 @@ module Tina4
         rack_response = handle_route(env, route, path_params)
         matched_pattern = route.path
       else
-        rack_response = handle_404(path)
-        matched_pattern = nil
+        # RFC 9110 conformance — before falling through to 404, check whether
+        # the PATH is known to the router under any OTHER method.
+        #   - OPTIONS request → 204 with Allow header (§9.3.7)
+        #   - Any other method (PUT on GET-only, TRACE, CONNECT, etc.)
+        #     → 405 with Allow header (§15.5.6 + §10.2.1)
+        allowed = Tina4::Router.methods_allowed_for_path(path)
+        if !allowed.empty?
+          allow_header = allowed.join(", ")
+          if method.to_s.upcase == "OPTIONS"
+            rack_response = [204, { "allow" => allow_header, "content-length" => "0" }, [""]]
+          else
+            body = %({"error":"Method Not Allowed","path":"#{path}","method":"#{method}","allow":[#{allowed.map { |m| %("#{m}") }.join(",")}],"status":405})
+            rack_response = [405, {
+              "allow" => allow_header,
+              "content-type" => "application/json",
+              "content-length" => body.bytesize.to_s
+            }, [body]]
+          end
+          matched_pattern = nil
+        else
+          rack_response = handle_404(path)
+          matched_pattern = nil
+        end
+      end
+
+      # RFC 9110 §9.3.2: a HEAD response MUST NOT include content. Strip
+      # the body unconditionally and record what Content-Length the GET
+      # would have sent. Cache validators / link checkers / monitoring
+      # probes use that header to estimate sizes.
+      if method.to_s.upcase == "HEAD"
+        status, headers, body_parts = rack_response
+        joined = body_parts.respond_to?(:join) ? body_parts.join : body_parts.to_s
+        unless joined.empty?
+          new_headers = headers.dup
+          new_headers["content-length"] = joined.bytesize.to_s
+          rack_response = [status, new_headers, [""]]
+        end
       end
 
       # Capture request for dev inspector
@@ -118,6 +172,33 @@ module Tina4
         end
       end
 
+      # Customer feedback widget injection — runs LAST so its <script>
+      # tag survives any earlier post-processing. No-op if disabled
+      # (TINA4_ENABLE_FEEDBACK off), the user isn't whitelisted, the
+      # path is /__dev or /__feedback, or the body isn't text/html with
+      # a closing </body> tag. Mirrors Python's server.py call site —
+      # see tina4_python/core/server.py around line 1543.
+      begin
+        status, headers, body_parts = rack_response
+        content_type = headers["content-type"] || ""
+        if content_type.include?("text/html") && body_parts.respond_to?(:join)
+          joined = body_parts.join
+          if joined.include?("</body>")
+            injected = Tina4::Feedback.inject_feedback_widget(
+              Struct.new(:path, :env).new(path, env),
+              joined
+            )
+            if injected != joined
+              new_headers = headers.dup
+              new_headers["content-length"] = injected.bytesize.to_s if new_headers["content-length"]
+              rack_response = [status, new_headers, [injected]]
+            end
+          end
+        end
+      rescue StandardError
+        # Injection is best-effort — never break the response.
+      end
+
       # Save session and set cookie if session was used
       if result && defined?(rack_response)
         status, headers, body_parts = rack_response

data/lib/tina4/request.rb

@@ -75,13 +75,17 @@ module Tina4
       @body_parsed = nil
     end
 
-    # Full URL reconstruction
+    # Full absolute URL — scheme://host[:port]/path[?query].
+    # Honours X-Forwarded-Proto / X-Forwarded-Host so apps behind a proxy
+    # still see the URL the client used. Matches Python/PHP/Node parity.
     def url
-      scheme = env["rack.url_scheme"] || "http"
-      host = env["HTTP_HOST"] || env["SERVER_NAME"] || "localhost"
+      scheme = env["HTTP_X_FORWARDED_PROTO"] || env["rack.url_scheme"] || "http"
+      host = env["HTTP_X_FORWARDED_HOST"] || env["HTTP_HOST"] || env["SERVER_NAME"] || "localhost"
       port = env["SERVER_PORT"]
       url_str = "#{scheme}://#{host}"
-      url_str += ":#{port}" if port && port != "80" && port != "443"
+      # Only append :port when the host doesn't already include one
+      # (HTTP_HOST often does) and it's not the default for the scheme.
+      url_str += ":#{port}" if port && !host.include?(":") && port.to_s != "80" && port.to_s != "443"
       url_str += @path
       url_str += "?#{@query_string}" unless @query_string.empty?
       url_str