npm - @docyrus/docyrus - Versions diffs - 0.0.41 → 0.0.43 - Mend

@docyrus/docyrus 0.0.41 → 0.0.43

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (36) hide show

package/resources/pi-agent/skills/docyrus-app-dev-react/SKILL.md CHANGED Viewed

@@ -24,7 +24,7 @@ Use this skill when you are:
 - Setting up authentication with `@docyrus/signin`
 - Bootstrapping tenant-aware runtime utilities with `@docyrus/app-utils`
 - Fetching or mutating data with generated collections or `@docyrus/api-client`
-- Persisting app-level config or saved grid views with `AppConfig` and `DataViews`
+- Persisting app-level config or user-level config or saved grid views with `AppConfig`, `UserAppConfig`, and `DataViews`
 - Building record sharing, role management, or ACL-driven UI flows
 - Designing feature UIs such as dashboards, forms, tables, layouts, dialogs, analytics, or detail pages
 - Selecting between shadcn, diceui, animate-ui, docyrus-ui, and reui components
@@ -36,7 +36,7 @@ Use this skill when you are:
 2. Bootstrap `TenantPreferences`, date/number utilities, and shared app runtime helpers from `@docyrus/app-utils`.
 3. Use generated Docyrus collection hooks or the REST client for data access.
 4. Define `columns`, filters, formulas, child queries, and mutations correctly.
-5. Use `AppConfig` for per-app persisted settings and `DataViews` for saved grid views.
+5. Use `AppConfig` for per-app persisted settings, `UserAppConfig` for per-user per-app settings, and `DataViews` for saved grid views.
 6. Check preferred UI components before building anything custom.
 7. Use Docyrus form and detail patterns for create, edit, item detail, and editable grid flows.
 8. Connect UI actions to TanStack Query mutations and invalidate relevant queries.
@@ -81,6 +81,7 @@ Use `@docyrus/app-utils` as the default runtime layer for tenant-level formattin
 ```tsx
 import {
   createAppConfigClient,
+  createUserAppConfigClient,
   createDataViewClient,
   createDateUtils,
   createNumberUtils,
@@ -109,6 +110,7 @@ function useAppRuntime(appId: string) {
         }),
         numberUtils: createNumberUtils({ preferences }),
         appConfig: createAppConfigClient(client!, appId),
+        userConfig: createUserAppConfigClient(client!, appId),
         dataViews: createDataViewClient(client!, appId),
       }
     },
@@ -121,6 +123,7 @@ Use this runtime to:
 - Format dates and datetimes with tenant format strings and the user's timezone.
 - Format numbers, currency-like values, and decimals using tenant separators and precision.
 - Read and upsert the app's single persisted `AppConfig` document.
+- Read and upsert the current user's `UserAppConfig` document (per-user per-app settings).
 - Read and persist saved grid views through `DataViews`.
 ### Data fetching with generated collections
@@ -187,17 +190,18 @@ Use `DataGridViewSelect` as the default saved-view UI for Docyrus grids, and per
 8. **Initialize `TenantPreferences` once per app runtime** and create shared `dateUtils` / `numberUtils` instances from `@docyrus/app-utils`.
 9. **Formatting functions from `@docyrus/app-utils` are regionalized** — do not hardcode locale, date format, decimal separator, thousand separator, or decimal precision when tenant preferences should drive them.
 10. **Use `createAppConfigClient(client, appId)`** for the app's single persisted config document; `upsert` is the default write path.
-11. **Use `createDataViewClient(client, appId)`** for saved grid-view CRUD.
-12. **Use `DataViews` with `DataGridViewSelect`** to show, create, edit, reorder, hide, unhide, soft-delete, and hard-delete saved data grid views.
-13. **`DataGridViewSelect` needs a TanStack table instance** and should receive `fields` when you want the built-in filter builder/editor experience.
-14. **Data view creation requires `name` and `tenant_data_source_id`**.
-15. **Use `dataViews.update(viewId, { archived: true })` for soft-delete** and `dataViews.remove(viewId)` only for irreversible hard-delete.
-16. **Regenerate collections after schema changes** by rebuilding the tenant OpenAPI spec, downloading the latest `openapi.json`, and re-running the collection generator.
-17. **ACL endpoints are usually raw-client integrations** — use `useDocyrusClient()` or `RestApiClient` for roles, user-role assignments, role queries, record sharing, and ownership transfer.
-18. **Prefer role `uid` values** for ACL role writes, user-role `roleIds`, and role-query `roleIds`.
-19. **Treat `PUT /v1/users/acl/users/:userId/roles` as full replacement** and `POST /v1/users/acl/users/:userId/roles` as additive.
-20. **Send role-query `query` as raw JSON** and omit `tenantAppId` when `dataSourceId` is present; backend derives it.
-21. **After deleting a role, invalidate dependent app queries** for role lists, user-role lists, role-query lists, and any UI that renders primary-role labels.
+11. **Use `createUserAppConfigClient(client, appId)`** for the current user's persisted config document scoped to an app (e.g. theme, layout preferences, sidebar state); `upsert` is the default write path.
+12. **Use `createDataViewClient(client, appId)`** for saved grid-view CRUD.
+13. **Use `DataViews` with `DataGridViewSelect`** to show, create, edit, reorder, hide, unhide, soft-delete, and hard-delete saved data grid views.
+14. **`DataGridViewSelect` needs a TanStack table instance** and should receive `fields` when you want the built-in filter builder/editor experience.
+15. **Data view creation requires `name` and `tenant_data_source_id`**.
+16. **Use `dataViews.update(viewId, { archived: true })` for soft-delete** and `dataViews.remove(viewId)` only for irreversible hard-delete.
+17. **Regenerate collections after schema changes** by rebuilding the tenant OpenAPI spec, downloading the latest `openapi.json`, and re-running the collection generator.
+18. **ACL endpoints are usually raw-client integrations** — use `useDocyrusClient()` or `RestApiClient` for roles, user-role assignments, role queries, record sharing, and ownership transfer.
+19. **Prefer role `uid` values** for ACL role writes, user-role `roleIds`, and role-query `roleIds`.
+20. **Treat `PUT /v1/users/acl/users/:userId/roles` as full replacement** and `POST /v1/users/acl/users/:userId/roles` as additive.
+21. **Send role-query `query` as raw JSON** and omit `tenantAppId` when `dataSourceId` is present; backend derives it.
+22. **After deleting a role, invalidate dependent app queries** for role lists, user-role lists, role-query lists, and any UI that renders primary-role labels.
 ## Critical UI/UX Rules

package/resources/pi-agent/skills/docyrus-platform/references/docyrus-cli-usage.md CHANGED Viewed

@@ -349,6 +349,79 @@ Search endpoint paths and entity names.
 ---
+## connect — Connector & Action Commands
+### `docyrus connect list-connectors`
+List available integration connectors.
+| Option | Type | Default | Description |
+|---|---|---|---|
+| `--q` | string | — | Keyword search on name, slug, or description |
+| `--limit` | number | 100 | Max results |
+| `--offset` | number | 0 | Result offset |
+### `docyrus connect get-connector <slug>`
+Get connector details with data sources and actions.
+| Argument | Type | Required | Description |
+|---|---|---|---|
+| `slug` | string | yes | Data provider slug (e.g., `msgraph`) |
+### `docyrus connect get-action <slug> <actionKey>`
+Get connector action details including input/output schemas.
+| Argument | Type | Required | Description |
+|---|---|---|---|
+| `slug` | string | yes | Data provider slug (e.g., `msgraph`) |
+| `actionKey` | string | yes | Action key (e.g., `sendEmailWithOutlook`) |
+### `docyrus connect list-connections <slug>`
+Get tenant and user connections for a connector.
+| Argument | Type | Required | Description |
+|---|---|---|---|
+| `slug` | string | yes | Data provider slug (e.g., `msgraph`) |
+### `docyrus connect curl <slug> <endpoint>`
+Send an HTTP request through a connector's provider auth.
+| Argument | Type | Required | Description |
+|---|---|---|---|
+| `slug` | string | yes | Data provider slug (e.g., `msgraph`, `meta`) |
+| `endpoint` | string | yes | Relative endpoint path or absolute URL |
+| Option | Alias | Type | Default | Description |
+|---|---|---|---|---|
+| `--method` | `-X` | string | GET | HTTP method |
+| `--data` | `-d` | string | — | JSON request payload |
+| `--contentType` | | string | application/json | Content-Type header |
+| `--headers` | | string | — | JSON object of additional headers |
+| `--connectionId` | `-c` | string | — | Tenant connection ID override |
+| `--connectionAccountId` | | string | — | Connection account ID |
+### `docyrus connect run-action <appSlug> <actionKey>`
+Run a connector or app action via `POST /v1/apps/:appSlug/actions/:actionKey/run`.
+| Argument | Type | Required | Description |
+|---|---|---|---|
+| `appSlug` | string | yes | App slug (e.g., `base`) |
+| `actionKey` | string | yes | Action key (e.g., `sendEmailWithOutlook`) |
+| Option | Alias | Type | Default | Description |
+|---|---|---|---|---|
+| `--params` | `-p` | string | — | JSON object with action input parameters |
+| `--connectionId` | `-c` | string | — | Tenant connection ID override |
+| `--connectionAccountId` | | string | — | Tenant connection account ID |
+| `--dryRun` | `-n` | boolean | false | Preview request without executing |
+---
 ## apps — App Management
 ### `docyrus apps list`

package/resources/pi-agent/skills/grill-me/SKILL.md ADDED Viewed

@@ -0,0 +1,109 @@
+---
+name: grill-me
+description: >
+  Interview the user relentlessly about a plan, architecture, or data model design until reaching shared understanding, resolving each branch of the decision tree. Use when the user wants to stress-test a plan, get grilled on their design, or mentions "grill me".
+**Triggers — use this skill when:**
+- User says "grill me", "stress test this", "challenge my design"
+- User asks to "poke holes", "find gaps", "review my thinking"
+- User wants to validate a plan before implementing
+- User says "interview me about this", "question my decisions"
+- Used after `/architect` or `/plan` when the user wants to pressure-test the output
+---
+# Grill Me
+Interview the user relentlessly about every aspect of their plan until reaching a shared understanding. Walk down each branch of the design tree, resolving dependencies between decisions one by one.
+## How It Works
+Ask questions **one at a time**. For each question, provide your recommended answer based on what you know about the codebase and the Docyrus platform.
+If a question can be answered by exploring the codebase or the discovery snapshot, explore it yourself instead of asking.
+## Question Domains
+Work through these domains systematically, but adapt the order based on what matters most for the specific plan:
+### Data Model
+- Why this data source and not an extension of an existing one?
+- What is the expected record volume? Does the schema hold up at 10x scale?
+- Are there fields that should be computed (formulas) instead of stored?
+- Could any proposed data source be replaced by a custom query instead?
+- Are slug and naming choices consistent with existing tenant conventions?
+### Field Design
+- Is this the right field type? (e.g., `field-select` vs `field-radioGroup`, `field-text` vs `field-richText`)
+- Should this field be required, optional, or have a default value?
+- Are validation rules sufficient? Too strict? Missing edge cases?
+- For relation fields: is the cardinality correct? Should it be bidirectional?
+- Are there fields that will rarely be used and could be deferred?
+### Enumerations
+- Are enum options exhaustive? What happens when a new option is needed later?
+- Should this be an enum or a separate data source with its own lifecycle?
+- Are enum values and labels clear and consistent?
+- Is the ordering intentional?
+### Relations and Dependencies
+- What is the dependency graph between data sources? Are there cycles?
+- What happens when a related record is deleted?
+- Are there implicit relations that should be explicit?
+- Does the creation order in the apply plan respect all dependencies?
+### Access Control and Security
+- Who should be able to read/write/delete these records?
+- Are there tenant-level vs app-level permission considerations?
+- Should any fields be hidden or read-only for certain roles?
+### Edge Cases and Failure Modes
+- What happens with empty states? First record ever created?
+- What if the user enters unexpected data?
+- Are there race conditions in concurrent record creation?
+- What if a bulk import has partial failures?
+### Implementation Feasibility
+- Can this be built with existing Docyrus field types, or does it require platform changes?
+- Are there known limitations in the current API that affect this design?
+- Is the proposed migration path realistic?
+## Interview Protocol
+1. Start by reading the plan or architecture artifacts (PLAN.md, DATA_SOURCES.md, discovery snapshot, or whatever is available).
+2. Identify the most critical or uncertain decision in the plan.
+3. Ask one focused question about it, with your recommended answer.
+4. Based on the user's response, either drill deeper into that branch or move to the next decision.
+5. Track resolved decisions and open questions as you go.
+6. When all major branches are resolved, summarize the final shared understanding.
+## Output on Completion
+When the interview is complete, produce a summary:
+```markdown
+## Resolved Decisions
+- [Decision 1]: [Resolution]
+- [Decision 2]: [Resolution]
+...
+## Changes to the Plan
+- [Change 1]
+- [Change 2]
+...
+## Remaining Open Questions
+- [Question 1]
+...
+```
+If the plan artifacts exist on disk (PLAN.md, data-sources.plan.json), offer to update them with the resolved decisions.

package/server-loader.js CHANGED Viewed

@@ -13288,7 +13288,7 @@ var require_promise = __commonJS({
   }
 });
-// ../../node_modules/.pnpm/@hono+node-server@1.19.11_hono@4.12.8/node_modules/@hono/node-server/dist/index.mjs
+// ../../node_modules/.pnpm/@hono+node-server@1.19.13_hono@4.12.12/node_modules/@hono/node-server/dist/index.mjs
 var dist_exports = {};
 __export(dist_exports, {
   RequestError: () => RequestError,
@@ -13341,9 +13341,9 @@ function writeFromReadableStream(stream, writable) {
   }
   return writeFromReadableStreamDefaultReader(stream.getReader(), writable);
 }
-var import_http, import_http2, import_http22, import_stream, import_crypto, RequestError, toRequestError, GlobalRequest, Request2, newHeadersFromIncoming, wrapBodyStream, newRequestFromIncoming, getRequestCache, requestCache, incomingKey, urlKey, headersKey, abortControllerKey, getAbortController, requestPrototype, newRequest, responseCache, getResponseCache, cacheKey, GlobalResponse, Response2, buildOutgoingHttpHeaders, X_ALREADY_SENT, outgoingEnded, handleRequestError, handleFetchError, handleResponseError, flushHeaders, responseViaCache, isPromise, responseViaResponseObject, getRequestListener, createAdaptorServer, serve;
+var import_http, import_http2, import_http22, import_stream, import_crypto, RequestError, toRequestError, GlobalRequest, Request2, newHeadersFromIncoming, wrapBodyStream, newRequestFromIncoming, getRequestCache, requestCache, incomingKey, urlKey, headersKey, abortControllerKey, getAbortController, requestPrototype, newRequest, responseCache, getResponseCache, cacheKey, GlobalResponse, Response2, buildOutgoingHttpHeaders, X_ALREADY_SENT, outgoingEnded, incomingDraining, DRAIN_TIMEOUT_MS, MAX_DRAIN_BYTES, drainIncoming, handleRequestError, handleFetchError, handleResponseError, flushHeaders, responseViaCache, isPromise, responseViaResponseObject, getRequestListener, createAdaptorServer, serve;
 var init_dist = __esm({
-  "../../node_modules/.pnpm/@hono+node-server@1.19.11_hono@4.12.8/node_modules/@hono/node-server/dist/index.mjs"() {
+  "../../node_modules/.pnpm/@hono+node-server@1.19.13_hono@4.12.12/node_modules/@hono/node-server/dist/index.mjs"() {
     "use strict";
     import_http = require("http");
     import_http2 = require("http2");
@@ -13624,6 +13624,50 @@ var init_dist = __esm({
       global.crypto = import_crypto.default;
     }
     outgoingEnded = /* @__PURE__ */ Symbol("outgoingEnded");
+    incomingDraining = /* @__PURE__ */ Symbol("incomingDraining");
+    DRAIN_TIMEOUT_MS = 500;
+    MAX_DRAIN_BYTES = 64 * 1024 * 1024;
+    drainIncoming = (incoming) => {
+      const incomingWithDrainState = incoming;
+      if (incoming.destroyed || incomingWithDrainState[incomingDraining]) {
+        return;
+      }
+      incomingWithDrainState[incomingDraining] = true;
+      if (incoming instanceof import_http2.Http2ServerRequest) {
+        try {
+          ;
+          incoming.stream?.close?.(import_http2.constants.NGHTTP2_NO_ERROR);
+        } catch {
+        }
+        return;
+      }
+      let bytesRead = 0;
+      const cleanup = () => {
+        clearTimeout(timer);
+        incoming.off("data", onData);
+        incoming.off("end", cleanup);
+        incoming.off("error", cleanup);
+      };
+      const forceClose = () => {
+        cleanup();
+        const socket = incoming.socket;
+        if (socket && !socket.destroyed) {
+          socket.destroySoon();
+        }
+      };
+      const timer = setTimeout(forceClose, DRAIN_TIMEOUT_MS);
+      timer.unref?.();
+      const onData = (chunk) => {
+        bytesRead += chunk.length;
+        if (bytesRead > MAX_DRAIN_BYTES) {
+          forceClose();
+        }
+      };
+      incoming.on("data", onData);
+      incoming.on("end", cleanup);
+      incoming.on("error", cleanup);
+      incoming.resume();
+    };
     handleRequestError = () => new Response(null, {
       status: 400
     });
@@ -13795,14 +13839,18 @@ var init_dist = __esm({
                   setTimeout(() => {
                     if (!incomingEnded) {
                       setTimeout(() => {
-                        incoming.destroy();
-                        outgoing.destroy();
+                        drainIncoming(incoming);
                       });
                     }
                   });
                 }
               };
             }
+            outgoing.on("finish", () => {
+              if (!incomingEnded) {
+                drainIncoming(incoming);
+              }
+            });
           }
           outgoing.on("close", () => {
             const abortController = req[abortControllerKey];
@@ -13817,7 +13865,7 @@ var init_dist = __esm({
               setTimeout(() => {
                 if (!incomingEnded) {
                   setTimeout(() => {
-                    incoming.destroy();
+                    drainIncoming(incoming);
                   });
                 }
               });
@@ -14003,7 +14051,7 @@ var import_node_crypto6 = require("node:crypto");
 var import_promises14 = require("node:fs/promises");
 var import_node_path18 = require("node:path");
-// ../../node_modules/.pnpm/hono@4.12.8/node_modules/hono/dist/compose.js
+// ../../node_modules/.pnpm/hono@4.12.12/node_modules/hono/dist/compose.js
 var compose = (middleware, onError, onNotFound) => {
   return (context, next) => {
     let index2 = -1;
@@ -14047,10 +14095,10 @@ var compose = (middleware, onError, onNotFound) => {
   };
 };
-// ../../node_modules/.pnpm/hono@4.12.8/node_modules/hono/dist/request/constants.js
+// ../../node_modules/.pnpm/hono@4.12.12/node_modules/hono/dist/request/constants.js
 var GET_MATCH_RESULT = /* @__PURE__ */ Symbol();
-// ../../node_modules/.pnpm/hono@4.12.8/node_modules/hono/dist/utils/body.js
+// ../../node_modules/.pnpm/hono@4.12.12/node_modules/hono/dist/utils/body.js
 var parseBody = async (request, options = /* @__PURE__ */ Object.create(null)) => {
   const { all: all2 = false, dot = false } = options;
   const headers = request instanceof HonoRequest ? request.raw.headers : request.headers;
@@ -14122,7 +14170,7 @@ var handleParsingNestedValues = (form, key, value2) => {
   });
 };
-// ../../node_modules/.pnpm/hono@4.12.8/node_modules/hono/dist/utils/url.js
+// ../../node_modules/.pnpm/hono@4.12.12/node_modules/hono/dist/utils/url.js
 var splitPath = (path3) => {
   const paths = path3.split("/");
   if (paths[0] === "") {
@@ -14326,7 +14374,7 @@ var getQueryParams = (url, key) => {
 };
 var decodeURIComponent_ = decodeURIComponent;
-// ../../node_modules/.pnpm/hono@4.12.8/node_modules/hono/dist/request.js
+// ../../node_modules/.pnpm/hono@4.12.12/node_modules/hono/dist/request.js
 var tryDecodeURIComponent = (str) => tryDecode(str, decodeURIComponent_);
 var HonoRequest = class {
   /**
@@ -14407,7 +14455,7 @@ var HonoRequest = class {
     return headerData;
   }
   async parseBody(options) {
-    return this.bodyCache.parsedBody ??= await parseBody(this, options);
+    return parseBody(this, options);
   }
   #cachedBody = (key) => {
     const { bodyCache, raw: raw2 } = this;
@@ -14594,7 +14642,7 @@ var HonoRequest = class {
   }
 };
-// ../../node_modules/.pnpm/hono@4.12.8/node_modules/hono/dist/utils/html.js
+// ../../node_modules/.pnpm/hono@4.12.12/node_modules/hono/dist/utils/html.js
 var HtmlEscapedCallbackPhase = {
   Stringify: 1,
   BeforeStream: 2,
@@ -14636,7 +14684,7 @@ var resolveCallback = async (str, phase, preserveCallbacks, context, buffer) =>
   }
 };
-// ../../node_modules/.pnpm/hono@4.12.8/node_modules/hono/dist/context.js
+// ../../node_modules/.pnpm/hono@4.12.12/node_modules/hono/dist/context.js
 var TEXT_PLAIN = "text/plain; charset=UTF-8";
 var setDefaultContentType = (contentType, headers) => {
   return {
@@ -15043,7 +15091,7 @@ var Context = class {
   };
 };
-// ../../node_modules/.pnpm/hono@4.12.8/node_modules/hono/dist/router.js
+// ../../node_modules/.pnpm/hono@4.12.12/node_modules/hono/dist/router.js
 var METHOD_NAME_ALL = "ALL";
 var METHOD_NAME_ALL_LOWERCASE = "all";
 var METHODS = ["get", "post", "put", "delete", "options", "patch"];
@@ -15051,10 +15099,10 @@ var MESSAGE_MATCHER_IS_ALREADY_BUILT = "Can not add a route since the matcher is
 var UnsupportedPathError = class extends Error {
 };
-// ../../node_modules/.pnpm/hono@4.12.8/node_modules/hono/dist/utils/constants.js
+// ../../node_modules/.pnpm/hono@4.12.12/node_modules/hono/dist/utils/constants.js
 var COMPOSED_HANDLER = "__COMPOSED_HANDLER";
-// ../../node_modules/.pnpm/hono@4.12.8/node_modules/hono/dist/hono-base.js
+// ../../node_modules/.pnpm/hono@4.12.12/node_modules/hono/dist/hono-base.js
 var notFoundHandler = (c) => {
   return c.text("404 Not Found", 404);
 };
@@ -15425,7 +15473,7 @@ var Hono = class _Hono {
   };
 };
-// ../../node_modules/.pnpm/hono@4.12.8/node_modules/hono/dist/router/reg-exp-router/matcher.js
+// ../../node_modules/.pnpm/hono@4.12.12/node_modules/hono/dist/router/reg-exp-router/matcher.js
 var emptyParam = [];
 function match(method, path3) {
   const matchers = this.buildAllMatchers();
@@ -15446,7 +15494,7 @@ function match(method, path3) {
   return match2(method, path3);
 }
-// ../../node_modules/.pnpm/hono@4.12.8/node_modules/hono/dist/router/reg-exp-router/node.js
+// ../../node_modules/.pnpm/hono@4.12.12/node_modules/hono/dist/router/reg-exp-router/node.js
 var LABEL_REG_EXP_STR = "[^/]+";
 var ONLY_WILDCARD_REG_EXP_STR = ".*";
 var TAIL_WILDCARD_REG_EXP_STR = "(?:|/.*)";
@@ -15554,7 +15602,7 @@ var Node = class _Node {
   }
 };
-// ../../node_modules/.pnpm/hono@4.12.8/node_modules/hono/dist/router/reg-exp-router/trie.js
+// ../../node_modules/.pnpm/hono@4.12.12/node_modules/hono/dist/router/reg-exp-router/trie.js
 var Trie = class {
   #context = { varIndex: 0 };
   #root = new Node();
@@ -15610,7 +15658,7 @@ var Trie = class {
   }
 };
-// ../../node_modules/.pnpm/hono@4.12.8/node_modules/hono/dist/router/reg-exp-router/router.js
+// ../../node_modules/.pnpm/hono@4.12.12/node_modules/hono/dist/router/reg-exp-router/router.js
 var nullMatcher = [/^$/, [], /* @__PURE__ */ Object.create(null)];
 var wildcardRegExpCache = /* @__PURE__ */ Object.create(null);
 function buildWildcardRegExp(path3) {
@@ -15789,7 +15837,7 @@ var RegExpRouter = class {
   }
 };
-// ../../node_modules/.pnpm/hono@4.12.8/node_modules/hono/dist/router/smart-router/router.js
+// ../../node_modules/.pnpm/hono@4.12.12/node_modules/hono/dist/router/smart-router/router.js
 var SmartRouter = class {
   name = "SmartRouter";
   #routers = [];
@@ -15844,7 +15892,7 @@ var SmartRouter = class {
   }
 };
-// ../../node_modules/.pnpm/hono@4.12.8/node_modules/hono/dist/router/trie-router/node.js
+// ../../node_modules/.pnpm/hono@4.12.12/node_modules/hono/dist/router/trie-router/node.js
 var emptyParams = /* @__PURE__ */ Object.create(null);
 var hasChildren = (children) => {
   for (const _ in children) {
@@ -16019,7 +16067,7 @@ var Node2 = class _Node2 {
   }
 };
-// ../../node_modules/.pnpm/hono@4.12.8/node_modules/hono/dist/router/trie-router/router.js
+// ../../node_modules/.pnpm/hono@4.12.12/node_modules/hono/dist/router/trie-router/router.js
 var TrieRouter = class {
   name = "TrieRouter";
   #node;
@@ -16041,7 +16089,7 @@ var TrieRouter = class {
   }
 };
-// ../../node_modules/.pnpm/hono@4.12.8/node_modules/hono/dist/hono.js
+// ../../node_modules/.pnpm/hono@4.12.12/node_modules/hono/dist/hono.js
 var Hono2 = class extends Hono {
   /**
    * Creates an instance of the Hono class.
@@ -16056,7 +16104,7 @@ var Hono2 = class extends Hono {
   }
 };
-// ../../node_modules/.pnpm/hono@4.12.8/node_modules/hono/dist/middleware/cors/index.js
+// ../../node_modules/.pnpm/hono@4.12.12/node_modules/hono/dist/middleware/cors/index.js
 var cors = (options) => {
   const defaults = {
     origin: "*",
@@ -16071,6 +16119,9 @@ var cors = (options) => {
   const findAllowOrigin = ((optsOrigin) => {
     if (typeof optsOrigin === "string") {
       if (optsOrigin === "*") {
+        if (opts.credentials) {
+          return (origin) => origin || null;
+        }
         return () => optsOrigin;
       } else {
         return (origin) => optsOrigin === origin ? origin : null;
@@ -16105,7 +16156,7 @@ var cors = (options) => {
       set("Access-Control-Expose-Headers", opts.exposeHeaders.join(","));
     }
     if (c.req.method === "OPTIONS") {
-      if (opts.origin !== "*") {
+      if (opts.origin !== "*" || opts.credentials) {
         set("Vary", "Origin");
       }
       if (opts.maxAge != null) {
@@ -16135,7 +16186,7 @@ var cors = (options) => {
       });
     }
     await next();
-    if (opts.origin !== "*") {
+    if (opts.origin !== "*" || opts.credentials) {
       c.header("Vary", "Origin", { append: true });
     }
   };
@@ -25655,7 +25706,7 @@ async function createAgentServer(params) {
   app.post("/api/chat", async (c) => {
     const body2 = await c.req.json();
     const messages = body2.messages ?? [];
-    if (body2.sessionId) {
+    if (body2.sessionId && body2.sessionId.trim() !== activeSession.id?.trim()) {
       try {
         activeSession = await onResumeSession(body2.sessionId);
       } catch (error) {
@@ -25778,6 +25829,21 @@ async function createAgentServer(params) {
         messageCount: s.messageCount,
         firstMessage: s.firstMessage
       })).sort((a, b) => b.modified.localeCompare(a.modified));
+      const activeId = activeSession.id?.trim();
+      if (activeId && !mapped.some((s) => s.id === activeId)) {
+        const now = (/* @__PURE__ */ new Date()).toISOString();
+        mapped.unshift({
+          id: activeId,
+          path: "",
+          cwd: context.cwd,
+          name: null,
+          parentSessionPath: null,
+          created: now,
+          modified: now,
+          messageCount: 0,
+          firstMessage: null
+        });
+      }
       return c.json({ sessions: mapped });
     } catch (error) {
       const message = error instanceof Error ? error.message : String(error);
@@ -26383,11 +26449,13 @@ async function createAgentServer(params) {
   app.post("/api/sessions/:sessionId/resume", async (c) => {
     const sessionId = c.req.param("sessionId");
     try {
-      if (activeSession.isStreaming) {
-        await activeSession.abort();
-        await waitForIdle(activeSession);
+      if (sessionId.trim() !== activeSession.id?.trim()) {
+        if (activeSession.isStreaming) {
+          await activeSession.abort();
+          await waitForIdle(activeSession);
+        }
+        activeSession = await onResumeSession(sessionId);
       }
-      activeSession = await onResumeSession(sessionId);
       return c.json({
         ok: true,
         sessionId,
@@ -26902,6 +26970,29 @@ async function createAgentServer(params) {
       return c.json({ error: message }, 500);
     }
   });
+  app.get("/api/git/commits", async (c) => {
+    const cwd = context.cwd;
+    const limit = Math.min(Math.max(Number(c.req.query("limit")) || 50, 1), 500);
+    try {
+      let raw2 = "";
+      try {
+        raw2 = await gitExec(
+          ["log", `--max-count=${limit}`, "--format=%H%x00%an%x00%ae%x00%aI%x00%s"],
+          cwd
+        );
+      } catch {
+        return c.json({ commits: [] });
+      }
+      const commits = raw2.trim().split("\n").filter(Boolean).map((line) => {
+        const [hash, authorName, authorEmail, date, message] = line.split("\0");
+        return { hash, authorName, authorEmail, date, message };
+      });
+      return c.json({ commits });
+    } catch (error) {
+      const message = error instanceof Error ? error.message : String(error);
+      return c.json({ error: message }, 500);
+    }
+  });
   app.get("/api/mcp/servers", async (c) => {
     try {
       const [config, cache, provenance] = await Promise.all([