@bonginkan/maria 4.4.0 → 4.4.1

package/dist/server/express-server.cjs

@@ -9506,7 +9506,7 @@ app.get("/api/status", (req, res) => {
 app.get("/", (req, res) => {
   res.json({
     name: "MARIA CODE API",
-    version: "4.4.0",
+    version: "4.4.1",
     status: "running",
     environment: process.env.NODE_ENV || "development",
     endpoints: {
@@ -10043,12 +10043,18 @@ app.post("/api/v1/video", rateLimitMiddleware, async (req, res) => {
     }
     const requestedProvider = typeof reqProvider === "string" ? reqProvider.toLowerCase() : void 0;
     const requestedModel = typeof model === "string" ? String(model).trim().toLowerCase() : void 0;
+    const providerFromModel2 = (() => {
+      if (!requestedModel) return void 0;
+      if (requestedModel.startsWith("sora")) return "openai";
+      if (requestedModel.startsWith("veo") || requestedModel.startsWith("gemini")) return "google";
+      return void 0;
+    })();
     const openaiKey = process.env.OPENAI_API_KEY;
-    const preferOpenAI = requestedProvider === "openai" || requestedModel?.startsWith("sora") || isProOrAbove && !!openaiKey;
-    if (preferOpenAI && openaiKey) {
+    const goOpenAI = providerFromModel2 === "openai" || requestedProvider === "openai" || !providerFromModel2 && !requestedProvider && (isProOrAbove && !!openaiKey);
+    if (goOpenAI && openaiKey) {
       const OpenAI2 = (await import('openai')).default;
       const client = new OpenAI2({ apiKey: openaiKey });
-      const soraModel = requestedModel && requestedModel.length > 0 ? requestedModel : "sora-2";
+      const soraModel = requestedModel && requestedModel.startsWith("sora") ? requestedModel : "sora-2";
       const secondsStr = (() => {
         const d = Number(duration) || 8;
         if (d <= 4) return "4";
@@ -10740,6 +10746,136 @@ async function getFirestoreSafe() {
     return null;
   }
 }
+app.post("/api/v1/snapshots", rateLimitMiddleware, async (req, res) => {
+  try {
+    const auth = req.headers.authorization;
+    if (!auth || !auth.startsWith("Bearer ")) return res.status(401).json({ error: "unauthorized" });
+    const idToken = auth.substring("Bearer ".length).trim();
+    const decoded = await decodeFirebaseToken(idToken).catch(() => null);
+    if (!decoded) return res.status(401).json({ error: "unauthorized" });
+    const uid = decoded?.uid || decoded?.sub;
+    const { projectId, taskId, summary, decisions, artifacts, refs, resumePrompt } = req.body || {};
+    const pid = typeof projectId === "string" && projectId.trim() ? String(projectId).trim() : "default";
+    const tid = typeof taskId === "string" && taskId.trim() ? String(taskId).trim() : "";
+    const sum = typeof summary === "string" && summary.trim() ? String(summary).trim() : "";
+    try {
+      console.log("[Snapshots][POST] incoming", { uid: String(uid).slice(0, 8) + "\u2026", projectId: pid, taskId: tid, hasSummary: !!sum });
+    } catch {
+    }
+    if (!tid || !sum) return res.status(400).json({ error: "bad_request", message: "taskId and summary are required" });
+    const db = await getFirestoreSafe();
+    if (!db) return res.status(503).json({ error: "unavailable", message: "database is not configured" });
+    const tsId = (/* @__PURE__ */ new Date()).toISOString().replace(/[-:]/g, "").split(".")[0] + "Z";
+    const userRef = db.collection("users").doc(uid);
+    const projRef = userRef.collection("projects").doc(pid);
+    const taskRef = projRef.collection("tasks").doc(tid);
+    const ref = taskRef.collection("snapshots").doc(tsId);
+    const nowISO = (/* @__PURE__ */ new Date()).toISOString();
+    try {
+      await Promise.all([
+        userRef.set({ updatedAt: nowISO }, { merge: true }),
+        projRef.set({ projectId: pid, updatedAt: nowISO }, { merge: true }),
+        taskRef.set({ taskId: tid, updatedAt: nowISO }, { merge: true })
+      ]);
+    } catch (e2) {
+      try {
+        console.warn("[Snapshots][POST] parent set warn:", e2?.message || String(e2));
+      } catch {
+      }
+    }
+    await ref.set({
+      snapshotVersion: 1,
+      uid,
+      projectId: pid,
+      taskId: tid,
+      timestamp: nowISO,
+      summary: sum,
+      decisions: Array.isArray(decisions) ? decisions.slice(0, 50).map(String) : [],
+      artifacts: Array.isArray(artifacts) ? artifacts.slice(0, 200).map(String) : [],
+      links: Array.isArray(refs) ? refs.slice(0, 200).map((r2) => ({ type: "fs", ref: String(r2) })) : [],
+      resumePrompt: typeof resumePrompt === "string" ? String(resumePrompt) : ""
+    });
+    try {
+      console.log("[Snapshots][POST] saved", { path: `users/${uid}/projects/${pid}/tasks/${tid}/snapshots/${tsId}` });
+    } catch {
+    }
+    return res.json({ success: true });
+  } catch (e2) {
+    try {
+      console.error("[Snapshots][POST] error:", e2?.message || String(e2));
+    } catch {
+    }
+    return res.status(500).json({ error: "internal_error" });
+  }
+});
+app.get("/api/v1/get-snapshots", rateLimitMiddleware, async (req, res) => {
+  try {
+    const auth = req.headers.authorization;
+    if (!auth || !auth.startsWith("Bearer ")) return res.status(401).json({ error: "unauthorized" });
+    const idToken = auth.substring("Bearer ".length).trim();
+    const decoded = await decodeFirebaseToken(idToken).catch(() => null);
+    if (!decoded) return res.status(401).json({ error: "unauthorized" });
+    const uid = decoded?.uid || decoded?.sub;
+    const projectId = typeof req.query.projectId === "string" && req.query.projectId.trim() ? String(req.query.projectId).trim() : "default";
+    const taskId = typeof req.query.taskId === "string" && req.query.taskId.trim() ? String(req.query.taskId).trim() : void 0;
+    const dateISO = typeof req.query.date === "string" && req.query.date.trim() ? String(req.query.date).trim() : void 0;
+    const limit = Number.isFinite(Number(req.query.limit)) ? Math.max(1, Math.min(50, Number(req.query.limit))) : 5;
+    const db = await getFirestoreSafe();
+    if (!db) return res.status(503).json({ error: "unavailable", message: "database is not configured" });
+    let docs = [];
+    if (taskId) {
+      const q = db.collection("users").doc(uid).collection("projects").doc(projectId).collection("tasks").doc(taskId).collection("snapshots").orderBy("timestamp", "desc").limit(limit);
+      const ss = await q.get();
+      docs = ss.docs.map((d) => d.data());
+    } else if (dateISO) {
+      const start = new Date(dateISO).toISOString();
+      const end = new Date(new Date(dateISO).getTime() + 24 * 60 * 60 * 1e3).toISOString();
+      try {
+        const ss = await db.collectionGroup("snapshots").where("uid", "==", uid).where("projectId", "==", projectId).where("timestamp", ">=", start).where("timestamp", "<", end).orderBy("timestamp", "desc").limit(limit).get();
+        docs = ss.docs.map((d) => d.data());
+      } catch (e2) {
+        const projRef = db.collection("users").doc(uid).collection("projects").doc(projectId);
+        const tasksSnap = await projRef.collection("tasks").get();
+        const collected = [];
+        for (const t2 of tasksSnap.docs) {
+          try {
+            const snaps = await t2.ref.collection("snapshots").orderBy("timestamp", "desc").limit(50).get();
+            for (const s2 of snaps.docs) {
+              const data = s2.data();
+              const ts = String(data?.timestamp || "");
+              if (ts >= start && ts < end) collected.push(data);
+            }
+          } catch {
+          }
+        }
+        collected.sort((a, b) => String(b?.timestamp || "").localeCompare(String(a?.timestamp || "")));
+        docs = collected.slice(0, limit);
+      }
+    } else {
+      try {
+        const ss = await db.collectionGroup("snapshots").where("uid", "==", uid).where("projectId", "==", projectId).orderBy("timestamp", "desc").limit(limit).get();
+        docs = ss.docs.map((d) => d.data());
+      } catch (e2) {
+        const projRef = db.collection("users").doc(uid).collection("projects").doc(projectId);
+        const tasksSnap = await projRef.collection("tasks").get();
+        const perTaskTop = [];
+        for (const t2 of tasksSnap.docs) {
+          try {
+            const snaps = await t2.ref.collection("snapshots").orderBy("timestamp", "desc").limit(Math.max(1, Math.ceil(limit / Math.max(1, tasksSnap.size)))).get();
+            for (const s2 of snaps.docs) perTaskTop.push(s2.data());
+          } catch {
+          }
+        }
+        perTaskTop.sort((a, b) => String(b?.timestamp || "").localeCompare(String(a?.timestamp || "")));
+        docs = perTaskTop.slice(0, limit);
+      }
+    }
+    return res.json({ success: true, data: { snapshots: docs } });
+  } catch (e2) {
+    console.error("[Snapshots] GET error", e2);
+    return res.status(500).json({ error: "internal_error" });
+  }
+});
 app.get("/api/v1/usage", rateLimitMiddleware, async (req, res) => {
   try {
     const auth = req.headers.authorization;

package/dist/server/express-server.js

@@ -9506,7 +9506,7 @@ app.get("/api/status", (req, res) => {
 app.get("/", (req, res) => {
   res.json({
     name: "MARIA CODE API",
-    version: "4.4.0",
+    version: "4.4.1",
     status: "running",
     environment: process.env.NODE_ENV || "development",
     endpoints: {
@@ -10043,12 +10043,18 @@ app.post("/api/v1/video", rateLimitMiddleware, async (req, res) => {
     }
     const requestedProvider = typeof reqProvider === "string" ? reqProvider.toLowerCase() : void 0;
     const requestedModel = typeof model === "string" ? String(model).trim().toLowerCase() : void 0;
+    const providerFromModel2 = (() => {
+      if (!requestedModel) return void 0;
+      if (requestedModel.startsWith("sora")) return "openai";
+      if (requestedModel.startsWith("veo") || requestedModel.startsWith("gemini")) return "google";
+      return void 0;
+    })();
     const openaiKey = process.env.OPENAI_API_KEY;
-    const preferOpenAI = requestedProvider === "openai" || requestedModel?.startsWith("sora") || isProOrAbove && !!openaiKey;
-    if (preferOpenAI && openaiKey) {
+    const goOpenAI = providerFromModel2 === "openai" || requestedProvider === "openai" || !providerFromModel2 && !requestedProvider && (isProOrAbove && !!openaiKey);
+    if (goOpenAI && openaiKey) {
       const OpenAI2 = (await import('openai')).default;
       const client = new OpenAI2({ apiKey: openaiKey });
-      const soraModel = requestedModel && requestedModel.length > 0 ? requestedModel : "sora-2";
+      const soraModel = requestedModel && requestedModel.startsWith("sora") ? requestedModel : "sora-2";
       const secondsStr = (() => {
         const d = Number(duration) || 8;
         if (d <= 4) return "4";
@@ -10740,6 +10746,136 @@ async function getFirestoreSafe() {
     return null;
   }
 }
+app.post("/api/v1/snapshots", rateLimitMiddleware, async (req, res) => {
+  try {
+    const auth = req.headers.authorization;
+    if (!auth || !auth.startsWith("Bearer ")) return res.status(401).json({ error: "unauthorized" });
+    const idToken = auth.substring("Bearer ".length).trim();
+    const decoded = await decodeFirebaseToken(idToken).catch(() => null);
+    if (!decoded) return res.status(401).json({ error: "unauthorized" });
+    const uid = decoded?.uid || decoded?.sub;
+    const { projectId, taskId, summary, decisions, artifacts, refs, resumePrompt } = req.body || {};
+    const pid = typeof projectId === "string" && projectId.trim() ? String(projectId).trim() : "default";
+    const tid = typeof taskId === "string" && taskId.trim() ? String(taskId).trim() : "";
+    const sum = typeof summary === "string" && summary.trim() ? String(summary).trim() : "";
+    try {
+      console.log("[Snapshots][POST] incoming", { uid: String(uid).slice(0, 8) + "\u2026", projectId: pid, taskId: tid, hasSummary: !!sum });
+    } catch {
+    }
+    if (!tid || !sum) return res.status(400).json({ error: "bad_request", message: "taskId and summary are required" });
+    const db = await getFirestoreSafe();
+    if (!db) return res.status(503).json({ error: "unavailable", message: "database is not configured" });
+    const tsId = (/* @__PURE__ */ new Date()).toISOString().replace(/[-:]/g, "").split(".")[0] + "Z";
+    const userRef = db.collection("users").doc(uid);
+    const projRef = userRef.collection("projects").doc(pid);
+    const taskRef = projRef.collection("tasks").doc(tid);
+    const ref = taskRef.collection("snapshots").doc(tsId);
+    const nowISO = (/* @__PURE__ */ new Date()).toISOString();
+    try {
+      await Promise.all([
+        userRef.set({ updatedAt: nowISO }, { merge: true }),
+        projRef.set({ projectId: pid, updatedAt: nowISO }, { merge: true }),
+        taskRef.set({ taskId: tid, updatedAt: nowISO }, { merge: true })
+      ]);
+    } catch (e2) {
+      try {
+        console.warn("[Snapshots][POST] parent set warn:", e2?.message || String(e2));
+      } catch {
+      }
+    }
+    await ref.set({
+      snapshotVersion: 1,
+      uid,
+      projectId: pid,
+      taskId: tid,
+      timestamp: nowISO,
+      summary: sum,
+      decisions: Array.isArray(decisions) ? decisions.slice(0, 50).map(String) : [],
+      artifacts: Array.isArray(artifacts) ? artifacts.slice(0, 200).map(String) : [],
+      links: Array.isArray(refs) ? refs.slice(0, 200).map((r2) => ({ type: "fs", ref: String(r2) })) : [],
+      resumePrompt: typeof resumePrompt === "string" ? String(resumePrompt) : ""
+    });
+    try {
+      console.log("[Snapshots][POST] saved", { path: `users/${uid}/projects/${pid}/tasks/${tid}/snapshots/${tsId}` });
+    } catch {
+    }
+    return res.json({ success: true });
+  } catch (e2) {
+    try {
+      console.error("[Snapshots][POST] error:", e2?.message || String(e2));
+    } catch {
+    }
+    return res.status(500).json({ error: "internal_error" });
+  }
+});
+app.get("/api/v1/get-snapshots", rateLimitMiddleware, async (req, res) => {
+  try {
+    const auth = req.headers.authorization;
+    if (!auth || !auth.startsWith("Bearer ")) return res.status(401).json({ error: "unauthorized" });
+    const idToken = auth.substring("Bearer ".length).trim();
+    const decoded = await decodeFirebaseToken(idToken).catch(() => null);
+    if (!decoded) return res.status(401).json({ error: "unauthorized" });
+    const uid = decoded?.uid || decoded?.sub;
+    const projectId = typeof req.query.projectId === "string" && req.query.projectId.trim() ? String(req.query.projectId).trim() : "default";
+    const taskId = typeof req.query.taskId === "string" && req.query.taskId.trim() ? String(req.query.taskId).trim() : void 0;
+    const dateISO = typeof req.query.date === "string" && req.query.date.trim() ? String(req.query.date).trim() : void 0;
+    const limit = Number.isFinite(Number(req.query.limit)) ? Math.max(1, Math.min(50, Number(req.query.limit))) : 5;
+    const db = await getFirestoreSafe();
+    if (!db) return res.status(503).json({ error: "unavailable", message: "database is not configured" });
+    let docs = [];
+    if (taskId) {
+      const q = db.collection("users").doc(uid).collection("projects").doc(projectId).collection("tasks").doc(taskId).collection("snapshots").orderBy("timestamp", "desc").limit(limit);
+      const ss = await q.get();
+      docs = ss.docs.map((d) => d.data());
+    } else if (dateISO) {
+      const start = new Date(dateISO).toISOString();
+      const end = new Date(new Date(dateISO).getTime() + 24 * 60 * 60 * 1e3).toISOString();
+      try {
+        const ss = await db.collectionGroup("snapshots").where("uid", "==", uid).where("projectId", "==", projectId).where("timestamp", ">=", start).where("timestamp", "<", end).orderBy("timestamp", "desc").limit(limit).get();
+        docs = ss.docs.map((d) => d.data());
+      } catch (e2) {
+        const projRef = db.collection("users").doc(uid).collection("projects").doc(projectId);
+        const tasksSnap = await projRef.collection("tasks").get();
+        const collected = [];
+        for (const t2 of tasksSnap.docs) {
+          try {
+            const snaps = await t2.ref.collection("snapshots").orderBy("timestamp", "desc").limit(50).get();
+            for (const s2 of snaps.docs) {
+              const data = s2.data();
+              const ts = String(data?.timestamp || "");
+              if (ts >= start && ts < end) collected.push(data);
+            }
+          } catch {
+          }
+        }
+        collected.sort((a, b) => String(b?.timestamp || "").localeCompare(String(a?.timestamp || "")));
+        docs = collected.slice(0, limit);
+      }
+    } else {
+      try {
+        const ss = await db.collectionGroup("snapshots").where("uid", "==", uid).where("projectId", "==", projectId).orderBy("timestamp", "desc").limit(limit).get();
+        docs = ss.docs.map((d) => d.data());
+      } catch (e2) {
+        const projRef = db.collection("users").doc(uid).collection("projects").doc(projectId);
+        const tasksSnap = await projRef.collection("tasks").get();
+        const perTaskTop = [];
+        for (const t2 of tasksSnap.docs) {
+          try {
+            const snaps = await t2.ref.collection("snapshots").orderBy("timestamp", "desc").limit(Math.max(1, Math.ceil(limit / Math.max(1, tasksSnap.size)))).get();
+            for (const s2 of snaps.docs) perTaskTop.push(s2.data());
+          } catch {
+          }
+        }
+        perTaskTop.sort((a, b) => String(b?.timestamp || "").localeCompare(String(a?.timestamp || "")));
+        docs = perTaskTop.slice(0, limit);
+      }
+    }
+    return res.json({ success: true, data: { snapshots: docs } });
+  } catch (e2) {
+    console.error("[Snapshots] GET error", e2);
+    return res.status(500).json({ error: "internal_error" });
+  }
+});
 app.get("/api/v1/usage", rateLimitMiddleware, async (req, res) => {
   try {
     const auth = req.headers.authorization;

package/dist/server-express.cjs

@@ -9506,7 +9506,7 @@ app.get("/api/status", (req, res) => {
 app.get("/", (req, res) => {
   res.json({
     name: "MARIA CODE API",
-    version: "4.4.0",
+    version: "4.4.1",
     status: "running",
     environment: process.env.NODE_ENV || "development",
     endpoints: {
@@ -10043,12 +10043,18 @@ app.post("/api/v1/video", rateLimitMiddleware, async (req, res) => {
     }
     const requestedProvider = typeof reqProvider === "string" ? reqProvider.toLowerCase() : void 0;
     const requestedModel = typeof model === "string" ? String(model).trim().toLowerCase() : void 0;
+    const providerFromModel2 = (() => {
+      if (!requestedModel) return void 0;
+      if (requestedModel.startsWith("sora")) return "openai";
+      if (requestedModel.startsWith("veo") || requestedModel.startsWith("gemini")) return "google";
+      return void 0;
+    })();
     const openaiKey = process.env.OPENAI_API_KEY;
-    const preferOpenAI = requestedProvider === "openai" || requestedModel?.startsWith("sora") || isProOrAbove && !!openaiKey;
-    if (preferOpenAI && openaiKey) {
+    const goOpenAI = providerFromModel2 === "openai" || requestedProvider === "openai" || !providerFromModel2 && !requestedProvider && (isProOrAbove && !!openaiKey);
+    if (goOpenAI && openaiKey) {
       const OpenAI2 = (await import('openai')).default;
       const client = new OpenAI2({ apiKey: openaiKey });
-      const soraModel = requestedModel && requestedModel.length > 0 ? requestedModel : "sora-2";
+      const soraModel = requestedModel && requestedModel.startsWith("sora") ? requestedModel : "sora-2";
       const secondsStr = (() => {
         const d = Number(duration) || 8;
         if (d <= 4) return "4";
@@ -10740,6 +10746,136 @@ async function getFirestoreSafe() {
     return null;
   }
 }
+app.post("/api/v1/snapshots", rateLimitMiddleware, async (req, res) => {
+  try {
+    const auth = req.headers.authorization;
+    if (!auth || !auth.startsWith("Bearer ")) return res.status(401).json({ error: "unauthorized" });
+    const idToken = auth.substring("Bearer ".length).trim();
+    const decoded = await decodeFirebaseToken(idToken).catch(() => null);
+    if (!decoded) return res.status(401).json({ error: "unauthorized" });
+    const uid = decoded?.uid || decoded?.sub;
+    const { projectId, taskId, summary, decisions, artifacts, refs, resumePrompt } = req.body || {};
+    const pid = typeof projectId === "string" && projectId.trim() ? String(projectId).trim() : "default";
+    const tid = typeof taskId === "string" && taskId.trim() ? String(taskId).trim() : "";
+    const sum = typeof summary === "string" && summary.trim() ? String(summary).trim() : "";
+    try {
+      console.log("[Snapshots][POST] incoming", { uid: String(uid).slice(0, 8) + "\u2026", projectId: pid, taskId: tid, hasSummary: !!sum });
+    } catch {
+    }
+    if (!tid || !sum) return res.status(400).json({ error: "bad_request", message: "taskId and summary are required" });
+    const db = await getFirestoreSafe();
+    if (!db) return res.status(503).json({ error: "unavailable", message: "database is not configured" });
+    const tsId = (/* @__PURE__ */ new Date()).toISOString().replace(/[-:]/g, "").split(".")[0] + "Z";
+    const userRef = db.collection("users").doc(uid);
+    const projRef = userRef.collection("projects").doc(pid);
+    const taskRef = projRef.collection("tasks").doc(tid);
+    const ref = taskRef.collection("snapshots").doc(tsId);
+    const nowISO = (/* @__PURE__ */ new Date()).toISOString();
+    try {
+      await Promise.all([
+        userRef.set({ updatedAt: nowISO }, { merge: true }),
+        projRef.set({ projectId: pid, updatedAt: nowISO }, { merge: true }),
+        taskRef.set({ taskId: tid, updatedAt: nowISO }, { merge: true })
+      ]);
+    } catch (e2) {
+      try {
+        console.warn("[Snapshots][POST] parent set warn:", e2?.message || String(e2));
+      } catch {
+      }
+    }
+    await ref.set({
+      snapshotVersion: 1,
+      uid,
+      projectId: pid,
+      taskId: tid,
+      timestamp: nowISO,
+      summary: sum,
+      decisions: Array.isArray(decisions) ? decisions.slice(0, 50).map(String) : [],
+      artifacts: Array.isArray(artifacts) ? artifacts.slice(0, 200).map(String) : [],
+      links: Array.isArray(refs) ? refs.slice(0, 200).map((r2) => ({ type: "fs", ref: String(r2) })) : [],
+      resumePrompt: typeof resumePrompt === "string" ? String(resumePrompt) : ""
+    });
+    try {
+      console.log("[Snapshots][POST] saved", { path: `users/${uid}/projects/${pid}/tasks/${tid}/snapshots/${tsId}` });
+    } catch {
+    }
+    return res.json({ success: true });
+  } catch (e2) {
+    try {
+      console.error("[Snapshots][POST] error:", e2?.message || String(e2));
+    } catch {
+    }
+    return res.status(500).json({ error: "internal_error" });
+  }
+});
+app.get("/api/v1/get-snapshots", rateLimitMiddleware, async (req, res) => {
+  try {
+    const auth = req.headers.authorization;
+    if (!auth || !auth.startsWith("Bearer ")) return res.status(401).json({ error: "unauthorized" });
+    const idToken = auth.substring("Bearer ".length).trim();
+    const decoded = await decodeFirebaseToken(idToken).catch(() => null);
+    if (!decoded) return res.status(401).json({ error: "unauthorized" });
+    const uid = decoded?.uid || decoded?.sub;
+    const projectId = typeof req.query.projectId === "string" && req.query.projectId.trim() ? String(req.query.projectId).trim() : "default";
+    const taskId = typeof req.query.taskId === "string" && req.query.taskId.trim() ? String(req.query.taskId).trim() : void 0;
+    const dateISO = typeof req.query.date === "string" && req.query.date.trim() ? String(req.query.date).trim() : void 0;
+    const limit = Number.isFinite(Number(req.query.limit)) ? Math.max(1, Math.min(50, Number(req.query.limit))) : 5;
+    const db = await getFirestoreSafe();
+    if (!db) return res.status(503).json({ error: "unavailable", message: "database is not configured" });
+    let docs = [];
+    if (taskId) {
+      const q = db.collection("users").doc(uid).collection("projects").doc(projectId).collection("tasks").doc(taskId).collection("snapshots").orderBy("timestamp", "desc").limit(limit);
+      const ss = await q.get();
+      docs = ss.docs.map((d) => d.data());
+    } else if (dateISO) {
+      const start = new Date(dateISO).toISOString();
+      const end = new Date(new Date(dateISO).getTime() + 24 * 60 * 60 * 1e3).toISOString();
+      try {
+        const ss = await db.collectionGroup("snapshots").where("uid", "==", uid).where("projectId", "==", projectId).where("timestamp", ">=", start).where("timestamp", "<", end).orderBy("timestamp", "desc").limit(limit).get();
+        docs = ss.docs.map((d) => d.data());
+      } catch (e2) {
+        const projRef = db.collection("users").doc(uid).collection("projects").doc(projectId);
+        const tasksSnap = await projRef.collection("tasks").get();
+        const collected = [];
+        for (const t2 of tasksSnap.docs) {
+          try {
+            const snaps = await t2.ref.collection("snapshots").orderBy("timestamp", "desc").limit(50).get();
+            for (const s2 of snaps.docs) {
+              const data = s2.data();
+              const ts = String(data?.timestamp || "");
+              if (ts >= start && ts < end) collected.push(data);
+            }
+          } catch {
+          }
+        }
+        collected.sort((a, b) => String(b?.timestamp || "").localeCompare(String(a?.timestamp || "")));
+        docs = collected.slice(0, limit);
+      }
+    } else {
+      try {
+        const ss = await db.collectionGroup("snapshots").where("uid", "==", uid).where("projectId", "==", projectId).orderBy("timestamp", "desc").limit(limit).get();
+        docs = ss.docs.map((d) => d.data());
+      } catch (e2) {
+        const projRef = db.collection("users").doc(uid).collection("projects").doc(projectId);
+        const tasksSnap = await projRef.collection("tasks").get();
+        const perTaskTop = [];
+        for (const t2 of tasksSnap.docs) {
+          try {
+            const snaps = await t2.ref.collection("snapshots").orderBy("timestamp", "desc").limit(Math.max(1, Math.ceil(limit / Math.max(1, tasksSnap.size)))).get();
+            for (const s2 of snaps.docs) perTaskTop.push(s2.data());
+          } catch {
+          }
+        }
+        perTaskTop.sort((a, b) => String(b?.timestamp || "").localeCompare(String(a?.timestamp || "")));
+        docs = perTaskTop.slice(0, limit);
+      }
+    }
+    return res.json({ success: true, data: { snapshots: docs } });
+  } catch (e2) {
+    console.error("[Snapshots] GET error", e2);
+    return res.status(500).json({ error: "internal_error" });
+  }
+});
 app.get("/api/v1/usage", rateLimitMiddleware, async (req, res) => {
   try {
     const auth = req.headers.authorization;