@ottocode/server 0.1.256 → 0.1.258

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@ottocode/server",
-	"version": "0.1.256",
+	"version": "0.1.258",
 	"description": "HTTP API server for ottocode",
 	"type": "module",
 	"main": "./src/index.ts",
@@ -22,6 +22,18 @@
 			"import": "./src/runtime/agent/runner.ts",
 			"types": "./src/runtime/agent/runner.ts"
 		},
+		"./runtime/session/manager": {
+			"import": "./src/runtime/session/manager.ts",
+			"types": "./src/runtime/session/manager.ts"
+		},
+		"./runtime/commands/available": {
+			"import": "./src/runtime/commands/available.ts",
+			"types": "./src/runtime/commands/available.ts"
+		},
+		"./runtime/share/service": {
+			"import": "./src/runtime/share/service.ts",
+			"types": "./src/runtime/share/service.ts"
+		},
 		"./events/bus": {
 			"import": "./src/events/bus.ts",
 			"types": "./src/events/bus.ts"
@@ -49,8 +61,8 @@
 		"typecheck": "tsc --noEmit"
 	},
 	"dependencies": {
-		"@ottocode/database": "0.1.256",
-		"@ottocode/sdk": "0.1.256",
+		"@ottocode/database": "0.1.258",
+		"@ottocode/sdk": "0.1.258",
 		"ai-sdk-ollama": "^3.8.3",
 		"drizzle-orm": "^0.44.5",
 		"hono": "^4.9.9",

package/src/openapi/paths/files.ts

@@ -69,6 +69,70 @@ export const filesPaths = {
 			},
 		},
 	},
+	'/v1/files/search': {
+		get: {
+			tags: ['files'],
+			operationId: 'searchFiles',
+			summary: 'Search project files',
+			description:
+				'Searches files for mentions and quick-open. Excludes dependencies, build artifacts, and gitignored files by default.',
+			parameters: [
+				projectQueryParam(),
+				{
+					in: 'query',
+					name: 'q',
+					required: false,
+					schema: { type: 'string', default: '' },
+					description: 'Search query',
+				},
+				{
+					in: 'query',
+					name: 'maxDepth',
+					required: false,
+					schema: { type: 'integer' },
+					description: 'Maximum directory depth to traverse',
+				},
+				{
+					in: 'query',
+					name: 'limit',
+					required: false,
+					schema: { type: 'integer' },
+					description: 'Maximum number of files to return',
+				},
+			],
+			responses: {
+				200: {
+					description: 'OK',
+					content: {
+						'application/json': {
+							schema: {
+								type: 'object',
+								properties: {
+									files: {
+										type: 'array',
+										items: { type: 'string' },
+									},
+									changedFiles: {
+										type: 'array',
+										items: {
+											type: 'object',
+											properties: {
+												path: { type: 'string' },
+												status: { type: 'string' },
+											},
+											required: ['path', 'status'],
+										},
+									},
+									truncated: { type: 'boolean' },
+								},
+								required: ['files', 'changedFiles', 'truncated'],
+							},
+						},
+					},
+				},
+			},
+		},
+	},
 	'/v1/files/tree': {
 		get: {
 			tags: ['files'],
@@ -104,13 +168,16 @@ export const filesPaths = {
 													enum: ['file', 'directory'],
 												},
 												gitignored: { type: 'boolean' },
+												vendor: { type: 'boolean' },
+												searchable: { type: 'boolean' },
 											},
 											required: ['name', 'path', 'type'],
 										},
 									},
 									path: { type: 'string' },
+									truncated: { type: 'boolean' },
 								},
-								required: ['items', 'path'],
+								required: ['items', 'path', 'truncated'],
 							},
 						},
 					},

package/src/routes/config/utils.ts

@@ -6,14 +6,11 @@ import {
 	getProviderSettings,
 	type ProviderId,
 	isProviderAuthorized,
-	getGlobalAgentsDir,
 	getAuth,
 } from '@ottocode/sdk';
-import { readdir } from 'node:fs/promises';
-import { join } from 'node:path';
 import type { EmbeddedAppConfig } from '../../index.ts';
 import type { OttoConfig } from '@ottocode/sdk';
-import { loadAgentsConfig } from '../../runtime/agent/registry.ts';
+export { discoverAllAgents } from '../../runtime/agent/registry.ts';
 
 export type ProviderDetail = {
 	id: string;
@@ -138,47 +135,3 @@ export async function getAuthTypeForProvider(
 	const auth = await getAuth(provider, projectRoot);
 	return auth?.type as 'api' | 'oauth' | 'wallet' | undefined;
 }
-
-export async function discoverAllAgents(
-	projectRoot: string,
-): Promise<string[]> {
-	const builtInAgents = ['general', 'build', 'plan', 'init'];
-	const agentSet = new Set<string>(builtInAgents);
-
-	try {
-		const agentsJson = await loadAgentsConfig(projectRoot);
-		for (const agentName of Object.keys(agentsJson)) {
-			if (agentName.trim()) {
-				agentSet.add(agentName);
-			}
-		}
-	} catch {}
-
-	try {
-		const localAgentsPath = join(projectRoot, '.otto', 'agents');
-		const localFiles = await readdir(localAgentsPath).catch(() => []);
-		for (const file of localFiles) {
-			if (file.endsWith('.txt') || file.endsWith('.md')) {
-				const agentName = file.replace(/\.(txt|md)$/, '');
-				if (agentName.trim()) {
-					agentSet.add(agentName);
-				}
-			}
-		}
-	} catch {}
-
-	try {
-		const globalAgentsPath = getGlobalAgentsDir();
-		const globalFiles = await readdir(globalAgentsPath).catch(() => []);
-		for (const file of globalFiles) {
-			if (file.endsWith('.txt') || file.endsWith('.md')) {
-				const agentName = file.replace(/\.(txt|md)$/, '');
-				if (agentName.trim()) {
-					agentSet.add(agentName);
-				}
-			}
-		}
-	} catch {}
-
-	return Array.from(agentSet).sort();
-}

package/src/routes/files.ts

@@ -1,6 +1,7 @@
 import type { Hono } from 'hono';
 import { readdir, readFile } from 'node:fs/promises';
-import { join, relative } from 'node:path';
+import { homedir } from 'node:os';
+import { join, relative, resolve } from 'node:path';
 import { spawn } from 'node:child_process';
 import { exec } from 'node:child_process';
 import { promisify } from 'node:util';
@@ -12,6 +13,12 @@ const execAsync = promisify(exec);
 
 const EXCLUDED_FILES = new Set(['.DS_Store', 'bun.lockb']);
 
+const HOME_SEARCH_MAX_DEPTH = 3;
+const HOME_SEARCH_LIMIT = 500;
+const DEFAULT_SEARCH_MAX_DEPTH = 12;
+const DEFAULT_SEARCH_LIMIT = 10_000;
+const TREE_ENTRY_LIMIT = 1000;
+
 const EXCLUDED_DIRS = new Set([
 	'node_modules',
 	'.git',
@@ -37,6 +44,36 @@ const EXCLUDED_DIRS = new Set([
 	'.vscode',
 ]);
 
+type SearchPolicy = {
+	maxDepth: number;
+	limit: number;
+	includeIgnored: boolean;
+};
+
+function isHomeDirectory(projectRoot: string): boolean {
+	return resolve(projectRoot) === resolve(homedir());
+}
+
+function clampNumber(value: number, min: number, max: number): number {
+	if (!Number.isFinite(value)) return max;
+	return Math.min(Math.max(value, min), max);
+}
+
+function getSearchPolicy(projectRoot: string): SearchPolicy {
+	if (isHomeDirectory(projectRoot)) {
+		return {
+			maxDepth: HOME_SEARCH_MAX_DEPTH,
+			limit: HOME_SEARCH_LIMIT,
+			includeIgnored: false,
+		};
+	}
+	return {
+		maxDepth: DEFAULT_SEARCH_MAX_DEPTH,
+		limit: DEFAULT_SEARCH_LIMIT,
+		includeIgnored: false,
+	};
+}
+
 function shouldExcludeFile(name: string): boolean {
 	return EXCLUDED_FILES.has(name);
 }
@@ -45,20 +82,26 @@ function shouldExcludeDir(name: string): boolean {
 	return EXCLUDED_DIRS.has(name);
 }
 
+function shouldExcludeSearchDir(name: string): boolean {
+	return shouldExcludeDir(name) || name.startsWith('.');
+}
+
 async function listFilesWithRg(
 	projectRoot: string,
+	maxDepth: number,
 	limit: number,
 	includeIgnored = false,
+	query = '',
 ): Promise<{ files: string[]; truncated: boolean }> {
 	const rgBin = await resolveBinary('rg');
 
 	return new Promise((resolve) => {
-		const args = ['--files', '--hidden', '--glob', '!.*/', '--sort', 'path'];
+		const args = ['--files', '--sort', 'path', '--max-depth', String(maxDepth)];
 		if (includeIgnored) {
 			args.push('--no-ignore');
 		}
 		for (const dir of EXCLUDED_DIRS) {
-			args.push('--glob', `!**/${dir}/`);
+			args.push('--glob', `!**/${dir}/**`);
 		}
 
 		const proc = spawn(rgBin, args, { cwd: projectRoot });
@@ -85,9 +128,12 @@ async function listFilesWithRg(
 
 			const allFiles = stdout.split('\n').filter(Boolean);
 
+			const normalizedQuery = query.trim().toLowerCase();
 			const filtered = allFiles.filter((f) => {
 				const filename = f.split(/[\\/]/).pop() || f;
-				return !shouldExcludeFile(filename);
+				if (shouldExcludeFile(filename)) return false;
+				if (!normalizedQuery) return true;
+				return f.toLowerCase().includes(normalizedQuery);
 			});
 
 			const truncated = filtered.length > limit;
@@ -170,7 +216,7 @@ async function traverseDirectory(
 			const relativePath = relative(projectRoot, fullPath);
 
 			if (entry.isDirectory()) {
-				if (shouldExcludeDir(entry.name)) continue;
+				if (shouldExcludeSearchDir(entry.name)) continue;
 				if (
 					gitignorePatterns &&
 					matchesGitignorePattern(relativePath, gitignorePatterns)
@@ -271,10 +317,24 @@ export function registerFilesRoutes(app: Hono) {
 	app.get('/v1/files', async (c) => {
 		try {
 			const projectRoot = c.req.query('project') || process.cwd();
-			const maxDepth = Number.parseInt(c.req.query('maxDepth') || '10', 10);
-			const limit = Number.parseInt(c.req.query('limit') || '10000', 10);
+			const policy = getSearchPolicy(projectRoot);
+			const maxDepth = clampNumber(
+				Number.parseInt(c.req.query('maxDepth') || String(policy.maxDepth), 10),
+				1,
+				policy.maxDepth,
+			);
+			const limit = clampNumber(
+				Number.parseInt(c.req.query('limit') || String(policy.limit), 10),
+				1,
+				policy.limit,
+			);
 
-			let result = await listFilesWithRg(projectRoot, limit, true);
+			let result = await listFilesWithRg(
+				projectRoot,
+				maxDepth,
+				limit,
+				policy.includeIgnored,
+			);
 
 			if (result.files.length === 0) {
 				const gitignorePatterns = await parseGitignore(projectRoot);
@@ -315,6 +375,11 @@ export function registerFilesRoutes(app: Hono) {
 					}),
 				),
 				truncated: result.truncated,
+				policy: {
+					maxDepth,
+					limit,
+					home: isHomeDirectory(projectRoot),
+				},
 			});
 		} catch (err) {
 			logger.error('Files route error:', err);
@@ -322,32 +387,126 @@ export function registerFilesRoutes(app: Hono) {
 		}
 	});
 
+	app.get('/v1/files/search', async (c) => {
+		try {
+			const projectRoot = c.req.query('project') || process.cwd();
+			const query = c.req.query('q') || '';
+			const policy = getSearchPolicy(projectRoot);
+			const maxDepth = clampNumber(
+				Number.parseInt(c.req.query('maxDepth') || String(policy.maxDepth), 10),
+				1,
+				policy.maxDepth,
+			);
+			const limit = clampNumber(
+				Number.parseInt(c.req.query('limit') || String(policy.limit), 10),
+				1,
+				policy.limit,
+			);
+
+			let result = await listFilesWithRg(
+				projectRoot,
+				maxDepth,
+				limit,
+				policy.includeIgnored,
+				query,
+			);
+
+			if (result.files.length === 0) {
+				const gitignorePatterns = await parseGitignore(projectRoot);
+				result = await traverseDirectory(
+					projectRoot,
+					projectRoot,
+					maxDepth,
+					0,
+					limit,
+					[],
+					gitignorePatterns,
+				);
+				const normalizedQuery = query.trim().toLowerCase();
+				if (normalizedQuery) {
+					const files = result.files.filter((file) =>
+						file.toLowerCase().includes(normalizedQuery),
+					);
+					result = {
+						files: files.slice(0, limit),
+						truncated: files.length > limit,
+					};
+				}
+			}
+
+			const [changedFiles, ignoredFiles] = await Promise.all([
+				getChangedFiles(projectRoot),
+				getGitIgnoredFiles(projectRoot, result.files),
+			]);
+
+			result.files.sort((a, b) => {
+				const aIgnored = ignoredFiles.has(a);
+				const bIgnored = ignoredFiles.has(b);
+				if (aIgnored !== bIgnored) return aIgnored ? 1 : -1;
+				const aChanged = changedFiles.has(a);
+				const bChanged = changedFiles.has(b);
+				if (aChanged && !bChanged) return -1;
+				if (!aChanged && bChanged) return 1;
+				return a.localeCompare(b);
+			});
+
+			return c.json({
+				files: result.files,
+				ignoredFiles: Array.from(ignoredFiles),
+				changedFiles: Array.from(changedFiles.entries()).map(
+					([path, status]) => ({
+						path,
+						status,
+					}),
+				),
+				truncated: result.truncated,
+				policy: {
+					maxDepth,
+					limit,
+					home: isHomeDirectory(projectRoot),
+				},
+			});
+		} catch (err) {
+			logger.error('Files search route error:', err);
+			return c.json({ error: serializeError(err) }, 500);
+		}
+	});
+
 	app.get('/v1/files/tree', async (c) => {
 		try {
 			const projectRoot = c.req.query('project') || process.cwd();
 			const dirPath = c.req.query('path') || '.';
-			const targetDir = join(projectRoot, dirPath);
+			const targetDir = resolve(projectRoot, dirPath);
+			if (!targetDir.startsWith(resolve(projectRoot))) {
+				return c.json({ error: 'Path traversal not allowed' }, 403);
+			}
 
 			const gitignorePatterns = await parseGitignore(projectRoot);
 			const entries = await readdir(targetDir, { withFileTypes: true });
+			const truncated = entries.length > TREE_ENTRY_LIMIT;
 
 			const items: Array<{
 				name: string;
 				path: string;
 				type: 'file' | 'directory';
 				gitignored?: boolean;
+				vendor?: boolean;
+				searchable?: boolean;
 			}> = [];
 
-			for (const entry of entries) {
+			for (const entry of entries.slice(0, TREE_ENTRY_LIMIT)) {
 				const relPath = relative(projectRoot, join(targetDir, entry.name));
 
 				if (entry.isDirectory()) {
 					const ignored = matchesGitignorePattern(relPath, gitignorePatterns);
+					const vendor = shouldExcludeDir(entry.name);
 					items.push({
 						name: entry.name,
 						path: relPath,
 						type: 'directory',
 						gitignored: ignored || undefined,
+						vendor: vendor || undefined,
+						searchable: vendor || ignored ? false : undefined,
 					});
 				} else if (entry.isFile()) {
 					if (shouldExcludeFile(entry.name)) continue;
@@ -357,6 +516,7 @@ export function registerFilesRoutes(app: Hono) {
 						path: relPath,
 						type: 'file',
 						gitignored: ignored || undefined,
+						searchable: ignored ? false : undefined,
 					});
 				}
 			}
@@ -369,7 +529,7 @@ export function registerFilesRoutes(app: Hono) {
 				return a.name.localeCompare(b.name);
 			});
 
-			return c.json({ items, path: dirPath });
+			return c.json({ items, path: dirPath, truncated });
 		} catch (err) {
 			logger.error('Files tree route error:', err);
 			return c.json({ error: serializeError(err) }, 500);

package/src/runtime/agent/registry.ts

@@ -1,6 +1,8 @@
 import { getGlobalAgentsJsonPath, getGlobalAgentsDir } from '@ottocode/sdk';
 import type { ProviderName } from '@ottocode/sdk';
 import { catalog } from '@ottocode/sdk';
+import { readdir } from 'node:fs/promises';
+import { join } from 'node:path';
 // Embed default agent prompts; only user overrides read from disk.
 // eslint-disable-next-line @typescript-eslint/consistent-type-imports
 import AGENT_BUILD from '@ottocode/sdk/prompts/agents/build.txt' with {
@@ -40,6 +42,8 @@ export type AgentConfigEntry = {
 
 type AgentsJson = Record<string, AgentConfigEntry>;
 
+const BUILTIN_AGENT_NAMES = ['build', 'plan', 'general', 'init', 'research'];
+
 function normalizeStringList(value: unknown): string[] {
 	if (!Array.isArray(value)) return [];
 	const seen = new Set<string>();
@@ -221,6 +225,49 @@ export async function loadAgentsConfig(
 	return merged;
 }
 
+export async function discoverAllAgents(
+	projectRoot: string,
+): Promise<string[]> {
+	const agentSet = new Set<string>(BUILTIN_AGENT_NAMES);
+
+	try {
+		const agentsJson = await loadAgentsConfig(projectRoot);
+		for (const agentName of Object.keys(agentsJson)) {
+			if (agentName.trim()) {
+				agentSet.add(agentName);
+			}
+		}
+	} catch {}
+
+	try {
+		const localAgentsPath = join(projectRoot, '.otto', 'agents');
+		const localFiles = await readdir(localAgentsPath).catch(() => []);
+		for (const file of localFiles) {
+			if (file.endsWith('.txt') || file.endsWith('.md')) {
+				const agentName = file.replace(/\.(txt|md)$/, '');
+				if (agentName.trim()) {
+					agentSet.add(agentName);
+				}
+			}
+		}
+	} catch {}
+
+	try {
+		const globalAgentsPath = getGlobalAgentsDir();
+		const globalFiles = await readdir(globalAgentsPath).catch(() => []);
+		for (const file of globalFiles) {
+			if (file.endsWith('.txt') || file.endsWith('.md')) {
+				const agentName = file.replace(/\.(txt|md)$/, '');
+				if (agentName.trim()) {
+					agentSet.add(agentName);
+				}
+			}
+		}
+	} catch {}
+
+	return Array.from(agentSet).sort();
+}
+
 export async function resolveAgentConfig(
 	projectRoot: string,
 	name: string,

package/src/runtime/agent-registry.ts

@@ -1,5 +1,6 @@
 // Barrel export for backwards compatibility with @ottocode/server/runtime/agent-registry
 export {
+	discoverAllAgents,
 	resolveAgentConfig,
 	defaultToolsForAgent,
 	type AgentConfigEntry,

package/src/runtime/ask/service.ts

@@ -73,6 +73,7 @@ export type AskServerRequest = {
 	credentials?: InjectableCredentials;
 	agentPrompt?: string;
 	tools?: string[];
+	images?: Array<{ data: string; mediaType: string }>;
 };
 
 export type AskServerResponse = {
@@ -305,7 +306,9 @@ async function processAskRequest(
 		} as SessionRow;
 	}
 
-	validateProviderModel(providerForMessage, modelForMessage, cfg);
+	validateProviderModel(providerForMessage, modelForMessage, cfg, {
+		wantsVision: Boolean(request.images?.length),
+	});
 
 	if (!request.skipFileConfig && !request.config && !request.credentials) {
 		await ensureProviderEnv(cfg, providerForMessage);
@@ -327,6 +330,7 @@ async function processAskRequest(
 		oneShot: !request.sessionId && !request.last,
 		reasoningText,
 		reasoningLevel,
+		images: request.images,
 	});
 
 	const headerAgent = session.agent ?? agentName;

package/src/runtime/commands/available.ts

@@ -0,0 +1,25 @@
+export type AvailableSlashCommand = {
+	name: string;
+	description: string;
+	input?: { hint: string };
+};
+
+const AVAILABLE_SLASH_COMMANDS: AvailableSlashCommand[] = [
+	{
+		name: 'compact',
+		description: 'Compact conversation to reduce context size',
+	},
+	{
+		name: 'init',
+		description: 'Generate AGENTS.md and .agents docs from the repo structure',
+	},
+	{
+		name: 'share',
+		description: 'Share the current session publicly',
+	},
+];
+
+/** Returns slash commands that can be sent as chat messages to the server runtime. */
+export function listAvailableSlashCommands(): AvailableSlashCommand[] {
+	return AVAILABLE_SLASH_COMMANDS;
+}

package/src/runtime/session/manager.ts

@@ -1,7 +1,7 @@
-import { desc, eq } from 'drizzle-orm';
+import { and, asc, desc, eq, inArray, ne } from 'drizzle-orm';
 import type { OttoConfig } from '@ottocode/sdk';
 import type { DB } from '@ottocode/database';
-import { sessions } from '@ottocode/database/schema';
+import { messageParts, messages, sessions } from '@ottocode/database/schema';
 import {
 	validateProviderModel,
 	isProviderAuthorized,
@@ -11,6 +11,8 @@ import {
 import { publish } from '../../events/bus.ts';
 
 type SessionRow = typeof sessions.$inferSelect;
+type MessageRow = typeof messages.$inferSelect;
+type MessagePartRow = typeof messageParts.$inferSelect;
 
 type CreateSessionInput = {
 	db: DB;
@@ -69,7 +71,7 @@ export async function createSession({
 
 type GetSessionInput = {
 	db: DB;
-	projectPath: string;
+	projectPath?: string;
 	sessionId: string;
 };
 
@@ -84,7 +86,7 @@ export async function getSessionById({
 		.where(eq(sessions.id, sessionId));
 	if (!rows.length) return undefined;
 	const row = rows[0];
-	if (row.projectPath !== projectPath) return undefined;
+	if (projectPath && row.projectPath !== projectPath) return undefined;
 	return row;
 }
 
@@ -102,3 +104,64 @@ export async function getLastSession({
 		.limit(1);
 	return rows[0];
 }
+
+type ListSessionsInput = {
+	db: DB;
+	projectPath?: string;
+	limit?: number;
+};
+
+export async function listSessions({
+	db,
+	projectPath,
+	limit = 100,
+}: ListSessionsInput): Promise<SessionRow[]> {
+	return await db
+		.select()
+		.from(sessions)
+		.where(
+			projectPath
+				? and(
+						eq(sessions.projectPath, projectPath),
+						ne(sessions.sessionType, 'research'),
+					)
+				: ne(sessions.sessionType, 'research'),
+		)
+		.orderBy(desc(sessions.lastActiveAt), desc(sessions.createdAt))
+		.limit(limit);
+}
+
+export type SessionHistoryMessage = MessageRow & {
+	parts: MessagePartRow[];
+};
+
+export async function getSessionHistoryMessages(
+	db: DB,
+	sessionId: string,
+): Promise<SessionHistoryMessage[]> {
+	const rows = await db
+		.select()
+		.from(messages)
+		.where(eq(messages.sessionId, sessionId))
+		.orderBy(asc(messages.createdAt));
+	const messageIds = rows.map((message) => message.id);
+	const parts = messageIds.length
+		? await db
+				.select()
+				.from(messageParts)
+				.where(inArray(messageParts.messageId, messageIds))
+				.orderBy(asc(messageParts.messageId), asc(messageParts.index))
+		: [];
+	const partsByMessageId = new Map<string, MessagePartRow[]>();
+	for (const part of parts) {
+		const existing = partsByMessageId.get(part.messageId);
+		if (existing) existing.push(part);
+		else partsByMessageId.set(part.messageId, [part]);
+	}
+	return rows.map((message) => ({
+		...message,
+		parts: (partsByMessageId.get(message.id) ?? []).sort(
+			(a, b) => a.index - b.index,
+		),
+	}));
+}

package/src/runtime/share/service.ts

@@ -0,0 +1,158 @@
+import { getDb } from '@ottocode/database';
+import {
+	messageParts,
+	messages,
+	sessions,
+	shares,
+} from '@ottocode/database/schema';
+import { loadConfig } from '@ottocode/sdk';
+import { eq, inArray } from 'drizzle-orm';
+import { userInfo } from 'node:os';
+
+const SHARE_API_URL =
+	process.env.OTTO_SHARE_API_URL || 'https://api.share.ottocode.io';
+
+function getUsername(): string {
+	try {
+		return userInfo().username;
+	} catch {
+		return 'anonymous';
+	}
+}
+
+export type ShareSessionResult = {
+	shared: true;
+	shareId: string;
+	url: string;
+	message?: string;
+};
+
+/** Shares an otto session and returns the public share URL. */
+export async function shareSession(args: {
+	sessionId: string;
+	projectRoot?: string;
+}): Promise<ShareSessionResult> {
+	const cfg = await loadConfig(args.projectRoot || process.cwd());
+	const db = await getDb(cfg.projectRoot);
+
+	const session = await db
+		.select()
+		.from(sessions)
+		.where(eq(sessions.id, args.sessionId))
+		.limit(1);
+	if (!session.length) {
+		throw new Error('Session not found');
+	}
+
+	const existingShare = await db
+		.select()
+		.from(shares)
+		.where(eq(shares.sessionId, args.sessionId))
+		.limit(1);
+	if (existingShare.length) {
+		return {
+			shared: true,
+			shareId: existingShare[0].shareId,
+			url: existingShare[0].url,
+			message: 'Already shared',
+		};
+	}
+
+	const allMessages = await db
+		.select()
+		.from(messages)
+		.where(eq(messages.sessionId, args.sessionId))
+		.orderBy(messages.createdAt);
+
+	if (!allMessages.length) {
+		throw new Error('Session has no messages');
+	}
+
+	const msgParts = await db
+		.select()
+		.from(messageParts)
+		.where(
+			inArray(
+				messageParts.messageId,
+				allMessages.map((message) => message.id),
+			),
+		)
+		.orderBy(messageParts.index);
+
+	const partsByMessage = new Map<string, typeof msgParts>();
+	for (const part of msgParts) {
+		const list = partsByMessage.get(part.messageId) || [];
+		list.push(part);
+		partsByMessage.set(part.messageId, list);
+	}
+
+	const lastMessageId = allMessages[allMessages.length - 1].id;
+	const sess = session[0];
+	const sessionData = {
+		title: sess.title,
+		username: getUsername(),
+		agent: sess.agent,
+		provider: sess.provider,
+		model: sess.model,
+		createdAt: sess.createdAt,
+		stats: {
+			inputTokens: sess.totalInputTokens ?? 0,
+			outputTokens: sess.totalOutputTokens ?? 0,
+			cachedTokens: sess.totalCachedTokens ?? 0,
+			cacheCreationTokens: sess.totalCacheCreationTokens ?? 0,
+			reasoningTokens: sess.totalReasoningTokens ?? 0,
+			toolTimeMs: sess.totalToolTimeMs ?? 0,
+			toolCounts: sess.toolCountsJson ? JSON.parse(sess.toolCountsJson) : {},
+		},
+		messages: allMessages.map((message) => ({
+			id: message.id,
+			role: message.role,
+			createdAt: message.createdAt,
+			parts: (partsByMessage.get(message.id) || []).map((part) => ({
+				type: part.type,
+				content: part.content,
+				toolName: part.toolName,
+				toolCallId: part.toolCallId,
+			})),
+		})),
+	};
+
+	const res = await fetch(`${SHARE_API_URL}/share`, {
+		method: 'POST',
+		headers: { 'Content-Type': 'application/json' },
+		body: JSON.stringify({
+			sessionData,
+			title: sess.title,
+			lastMessageId,
+		}),
+	});
+
+	if (!res.ok) {
+		const err = await res.text();
+		throw new Error(`Failed to create share: ${err}`);
+	}
+
+	const data = (await res.json()) as {
+		shareId: string;
+		secret: string;
+		url: string;
+	};
+
+	await db.insert(shares).values({
+		sessionId: args.sessionId,
+		shareId: data.shareId,
+		secret: data.secret,
+		url: data.url,
+		title: sess.title,
+		description: null,
+		createdAt: Date.now(),
+		lastSyncedAt: Date.now(),
+		lastSyncedMessageId: lastMessageId,
+	});
+
+	return {
+		shared: true,
+		shareId: data.shareId,
+		url: data.url,
+	};
+}