agentdev-webui 1.0.0 → 1.1.2

package/lib/auth.js

@@ -13,13 +13,13 @@ function hashPassword(password) {
   return crypto.createHash('sha256').update(password).digest('hex');
 }
 
-function createSession(userId, email) {
+function createSession(userId, email, ttl) {
   const sessionId = generateSessionId();
   const session = {
     userId,
     email,
     createdAt: Date.now(),
-    expiresAt: Date.now() + config.AUTH.SESSION_TTL
+    expiresAt: Date.now() + (ttl || config.AUTH.SESSION_TTL)
   };
   sessions.set(sessionId, session);
   return sessionId;
@@ -87,7 +87,7 @@ function isAuthenticated(req) {
 }
 
 // Public paths that don't require authentication
-const PUBLIC_PATHS = ['/login', '/login.html', '/register', '/register.html', '/reset-password', '/reset-password.html', '/verify-email', '/verify-email.html', '/docs', '/docs.html', '/docs.md', '/css/styles.css', '/manifest.json', '/sw.js', '/icon-192.png', '/icon-512.png', '/favicon.svg', '/favicon.ico'];
+const PUBLIC_PATHS = ['/login', '/login.html', '/register', '/register.html', '/reset-password', '/reset-password.html', '/verify-email', '/verify-email.html', '/docs', '/docs.html', '/docs.md', '/css/styles.css', '/manifest.json', '/sw.js', '/icon-192.png', '/icon-512.png', '/favicon.svg', '/favicon.ico', '/og-image.svg'];
 
 function requireAuth(req, res) {
   const url = req.url.split('?')[0];

package/lib/config.js

@@ -48,6 +48,14 @@ module.exports = {
   DEVICE_CODE_TTL: 600, // 10 minutes
   DEVICE_CODE_POLL_INTERVAL: 5, // 5 seconds
 
+  // LinkedIn OAuth configuration
+  LINKEDIN: {
+    SCOPES: ['openid', 'profile', 'email', 'w_member_social'],
+    AUTH_URL: 'https://www.linkedin.com/oauth/v2/authorization',
+    TOKEN_URL: 'https://www.linkedin.com/oauth/v2/accessToken',
+    API_VERSION: '202601'
+  },
+
   // Base URL for device authorization
   BASE_URL: process.env.BASE_URL || 'http://localhost:3847'
 };

package/lib/database.js

@@ -118,6 +118,33 @@ async function updateUserGitHubToken(userId, encryptedToken) {
   return result.rows[0];
 }
 
+async function updateUserLinkedInTokens(userId, { accessToken, refreshToken, expiresAt }) {
+  const result = await query(
+    `UPDATE agentdev_users
+     SET linkedin_token_encrypted = $2,
+         linkedin_refresh_token_encrypted = $3,
+         linkedin_token_expires_at = $4,
+         updated_at = NOW()
+     WHERE id = $1
+     RETURNING id, email`,
+    [userId, accessToken, refreshToken, expiresAt]
+  );
+  return result.rows[0];
+}
+
+async function updateUserLinkedInConfig(userId, { clientId, clientSecretEncrypted }) {
+  const result = await query(
+    `UPDATE agentdev_users
+     SET linkedin_client_id = $2,
+         linkedin_client_secret_encrypted = $3,
+         updated_at = NOW()
+     WHERE id = $1
+     RETURNING id, email`,
+    [userId, clientId, clientSecretEncrypted]
+  );
+  return result.rows[0];
+}
+
 // ============================================================================
 // Project operations
 // ============================================================================
@@ -713,6 +740,8 @@ module.exports = {
   getUserById,
   updateUserLimits,
   updateUserGitHubToken,
+  updateUserLinkedInTokens,
+  updateUserLinkedInConfig,
 
   // Agents
   createAgent,

package/lib/linkedin.js

@@ -0,0 +1,161 @@
+const config = require('./config');
+
+const LINKEDIN_API_VERSION = '202601';
+const profileCache = new Map();
+
+// --- REST helpers ---
+
+async function linkedinRest(method, path, token, body = null) {
+  const baseUrl = path.startsWith('/v2/') ? 'https://api.linkedin.com' : 'https://api.linkedin.com';
+  const opts = {
+    method,
+    headers: {
+      'Authorization': `Bearer ${token}`,
+      'X-Restli-Protocol-Version': '2.0.0',
+      'LinkedIn-Version': LINKEDIN_API_VERSION
+    }
+  };
+  if (body) {
+    opts.headers['Content-Type'] = 'application/json';
+    opts.body = JSON.stringify(body);
+  }
+  const res = await fetch(`${baseUrl}${path}`, opts);
+  if (!res.ok) {
+    const text = await res.text();
+    throw new Error(`LinkedIn API ${method} ${path} failed (${res.status}): ${text}`);
+  }
+  if (res.status === 204) return null;
+  return res.json();
+}
+
+// --- OAuth helpers ---
+
+function getAuthorizationUrl(clientId, redirectUri, state, scopes = ['openid', 'profile', 'email', 'w_member_social']) {
+  const params = new URLSearchParams({
+    response_type: 'code',
+    client_id: clientId,
+    redirect_uri: redirectUri,
+    state: state,
+    scope: scopes.join(' ')
+  });
+  return `https://www.linkedin.com/oauth/v2/authorization?${params.toString()}`;
+}
+
+async function exchangeCodeForToken(code, clientId, clientSecret, redirectUri) {
+  const params = new URLSearchParams({
+    grant_type: 'authorization_code',
+    code: code,
+    client_id: clientId,
+    client_secret: clientSecret,
+    redirect_uri: redirectUri
+  });
+
+  const res = await fetch('https://www.linkedin.com/oauth/v2/accessToken', {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+    body: params.toString()
+  });
+
+  if (!res.ok) {
+    const text = await res.text();
+    throw new Error(`LinkedIn token exchange failed (${res.status}): ${text}`);
+  }
+
+  return res.json();
+  // Returns: { access_token, expires_in, refresh_token?, refresh_token_expires_in?, scope }
+}
+
+async function refreshAccessToken(refreshToken, clientId, clientSecret) {
+  const params = new URLSearchParams({
+    grant_type: 'refresh_token',
+    refresh_token: refreshToken,
+    client_id: clientId,
+    client_secret: clientSecret
+  });
+
+  const res = await fetch('https://www.linkedin.com/oauth/v2/accessToken', {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+    body: params.toString()
+  });
+
+  if (!res.ok) {
+    const text = await res.text();
+    throw new Error(`LinkedIn token refresh failed (${res.status}): ${text}`);
+  }
+
+  return res.json();
+}
+
+// --- Public API functions ---
+
+async function fetchProfile(token) {
+  const cacheKey = `profile:${token.slice(-8)}`;
+  const cached = profileCache.get(cacheKey);
+  if (cached && Date.now() - cached.timestamp < config.CACHE_TTL) {
+    return cached.data;
+  }
+
+  try {
+    const data = await linkedinRest('GET', '/v2/userinfo', token);
+    profileCache.set(cacheKey, { data, timestamp: Date.now() });
+    return data;
+    // Returns: { sub, name, given_name, family_name, picture, locale, email, email_verified }
+  } catch (e) {
+    console.error('LinkedIn fetchProfile error:', e.message);
+    return null;
+  }
+}
+
+async function createPost(token, authorUrn, commentary, visibility = 'PUBLIC') {
+  const body = {
+    author: authorUrn,
+    commentary: commentary,
+    visibility: visibility,
+    distribution: {
+      feedDistribution: 'MAIN_FEED',
+      targetEntities: [],
+      thirdPartyDistributionChannels: []
+    },
+    lifecycleState: 'PUBLISHED',
+    isReshareDisabledByAuthor: false
+  };
+
+  return await linkedinRest('POST', '/rest/posts', token, body);
+}
+
+async function getMyPosts(token, authorUrn) {
+  try {
+    const encodedUrn = encodeURIComponent(authorUrn);
+    return await linkedinRest('GET', `/rest/posts?q=author&author=${encodedUrn}&count=10`, token);
+  } catch (e) {
+    console.error('LinkedIn getMyPosts error:', e.message);
+    return null;
+  }
+}
+
+async function deletePost(token, postUrn) {
+  try {
+    const encodedUrn = encodeURIComponent(postUrn);
+    await linkedinRest('DELETE', `/rest/posts/${encodedUrn}`, token);
+    return true;
+  } catch (e) {
+    console.error('LinkedIn deletePost error:', e.message);
+    return false;
+  }
+}
+
+function clearCache() {
+  profileCache.clear();
+}
+
+module.exports = {
+  getAuthorizationUrl,
+  exchangeCodeForToken,
+  refreshAccessToken,
+  fetchProfile,
+  createPost,
+  getMyPosts,
+  deletePost,
+  clearCache
+};

package/lib/routes.js

@@ -3,6 +3,8 @@ const deviceFlow = require('./device-flow');
 const db = require('./database');
 const encryption = require('./encryption');
 const auth = require('./auth');
+const crypto = require('crypto');
+const linkedin = require('./linkedin');
 
 /**
  * Register all API routes
@@ -671,6 +673,300 @@ function registerRoutes(req, res) {
     return true;
   }
 
+  // ============================================================================
+  // LinkedIn API Routes (require user session)
+  // ============================================================================
+
+  // POST /api/linkedin/config — Save LinkedIn OAuth app credentials
+  if (url === '/api/linkedin/config' && method === 'POST') {
+    if (!auth.isAuthenticated(req)) {
+      res.writeHead(401, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ error: 'Unauthorized' }));
+      return true;
+    }
+
+    let body = '';
+    req.on('data', chunk => body += chunk);
+    req.on('end', async () => {
+      try {
+        const { client_id, client_secret } = JSON.parse(body);
+        if (!client_id || !client_secret) {
+          res.writeHead(400, { 'Content-Type': 'application/json' });
+          res.end(JSON.stringify({ error: 'client_id and client_secret are required' }));
+          return;
+        }
+
+        const userId = 1;
+        const encryptedSecret = encryption.encrypt(client_secret);
+        await db.updateUserLinkedInConfig(userId, {
+          clientId: client_id,
+          clientSecretEncrypted: encryptedSecret
+        });
+
+        res.writeHead(200, { 'Content-Type': 'application/json' });
+        res.end(JSON.stringify({ success: true }));
+      } catch (error) {
+        console.error('LinkedIn config error:', error);
+        res.writeHead(500, { 'Content-Type': 'application/json' });
+        res.end(JSON.stringify({ error: error.message }));
+      }
+    });
+    return true;
+  }
+
+  // GET /api/linkedin/config — Get LinkedIn OAuth config status
+  if (url === '/api/linkedin/config' && method === 'GET') {
+    if (!auth.isAuthenticated(req)) {
+      res.writeHead(401, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ error: 'Unauthorized' }));
+      return true;
+    }
+
+    (async () => {
+      try {
+        const userId = 1;
+        const user = await db.getUserById(userId);
+        res.writeHead(200, { 'Content-Type': 'application/json' });
+        res.end(JSON.stringify({
+          configured: !!user?.linkedin_client_id,
+          client_id: user?.linkedin_client_id || null,
+          connected: !!user?.linkedin_token_encrypted,
+          token_expires_at: user?.linkedin_token_expires_at || null
+        }));
+      } catch (error) {
+        console.error('LinkedIn config get error:', error);
+        res.writeHead(500, { 'Content-Type': 'application/json' });
+        res.end(JSON.stringify({ error: error.message }));
+      }
+    })();
+    return true;
+  }
+
+  // GET /api/linkedin/authorize — Start OAuth flow (redirect to LinkedIn)
+  if (url === '/api/linkedin/authorize' && method === 'GET') {
+    if (!auth.isAuthenticated(req)) {
+      res.writeHead(401, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ error: 'Unauthorized' }));
+      return true;
+    }
+
+    (async () => {
+      try {
+        const userId = 1;
+        const user = await db.getUserById(userId);
+        if (!user?.linkedin_client_id || !user?.linkedin_client_secret_encrypted) {
+          res.writeHead(400, { 'Content-Type': 'application/json' });
+          res.end(JSON.stringify({ error: 'LinkedIn OAuth not configured. Save client_id and client_secret first.' }));
+          return;
+        }
+
+        const config = require('./config');
+        const redirectUri = `${config.BASE_URL}/api/linkedin/callback`;
+        const state = crypto.randomBytes(16).toString('hex');
+
+        const authUrl = linkedin.getAuthorizationUrl(
+          user.linkedin_client_id,
+          redirectUri,
+          state
+        );
+
+        res.writeHead(200, { 'Content-Type': 'application/json' });
+        res.end(JSON.stringify({ authorization_url: authUrl, state }));
+      } catch (error) {
+        console.error('LinkedIn authorize error:', error);
+        res.writeHead(500, { 'Content-Type': 'application/json' });
+        res.end(JSON.stringify({ error: error.message }));
+      }
+    })();
+    return true;
+  }
+
+  // GET /api/linkedin/callback — OAuth callback handler
+  if (url.startsWith('/api/linkedin/callback') && method === 'GET') {
+    (async () => {
+      try {
+        const urlObj = new URL(req.url, `http://${req.headers.host}`);
+        const code = urlObj.searchParams.get('code');
+        const error = urlObj.searchParams.get('error');
+
+        if (error) {
+          res.writeHead(302, { 'Location': '/?linkedin_error=' + encodeURIComponent(error) });
+          res.end();
+          return;
+        }
+
+        if (!code) {
+          res.writeHead(400, { 'Content-Type': 'application/json' });
+          res.end(JSON.stringify({ error: 'Missing authorization code' }));
+          return;
+        }
+
+        const userId = 1;
+        const user = await db.getUserById(userId);
+        if (!user?.linkedin_client_id || !user?.linkedin_client_secret_encrypted) {
+          res.writeHead(400, { 'Content-Type': 'application/json' });
+          res.end(JSON.stringify({ error: 'LinkedIn OAuth not configured' }));
+          return;
+        }
+
+        const clientSecret = encryption.decrypt(user.linkedin_client_secret_encrypted);
+        const appConfig = require('./config');
+        const redirectUri = `${appConfig.BASE_URL}/api/linkedin/callback`;
+
+        const tokenData = await linkedin.exchangeCodeForToken(
+          code,
+          user.linkedin_client_id,
+          clientSecret,
+          redirectUri
+        );
+
+        const expiresAt = new Date(Date.now() + tokenData.expires_in * 1000);
+        await db.updateUserLinkedInTokens(userId, {
+          accessToken: encryption.encrypt(tokenData.access_token),
+          refreshToken: tokenData.refresh_token ? encryption.encrypt(tokenData.refresh_token) : null,
+          expiresAt
+        });
+
+        res.writeHead(302, { 'Location': '/?linkedin_connected=true' });
+        res.end();
+      } catch (error) {
+        console.error('LinkedIn callback error:', error);
+        res.writeHead(302, { 'Location': '/?linkedin_error=' + encodeURIComponent(error.message) });
+        res.end();
+      }
+    })();
+    return true;
+  }
+
+  // GET /api/linkedin/profile — Get authenticated user's LinkedIn profile
+  if (url === '/api/linkedin/profile' && method === 'GET') {
+    if (!auth.isAuthenticated(req)) {
+      res.writeHead(401, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ error: 'Unauthorized' }));
+      return true;
+    }
+
+    (async () => {
+      try {
+        const userId = 1;
+        const user = await db.getUserById(userId);
+        if (!user?.linkedin_token_encrypted) {
+          res.writeHead(400, { 'Content-Type': 'application/json' });
+          res.end(JSON.stringify({ error: 'LinkedIn not connected. Complete OAuth flow first.' }));
+          return;
+        }
+
+        const token = encryption.decrypt(user.linkedin_token_encrypted);
+        const profile = await linkedin.fetchProfile(token);
+
+        if (!profile) {
+          res.writeHead(500, { 'Content-Type': 'application/json' });
+          res.end(JSON.stringify({ error: 'Failed to fetch LinkedIn profile' }));
+          return;
+        }
+
+        res.writeHead(200, { 'Content-Type': 'application/json' });
+        res.end(JSON.stringify(profile));
+      } catch (error) {
+        console.error('LinkedIn profile error:', error);
+        res.writeHead(500, { 'Content-Type': 'application/json' });
+        res.end(JSON.stringify({ error: error.message }));
+      }
+    })();
+    return true;
+  }
+
+  // POST /api/linkedin/posts — Create a LinkedIn post
+  if (url === '/api/linkedin/posts' && method === 'POST') {
+    if (!auth.isAuthenticated(req)) {
+      res.writeHead(401, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ error: 'Unauthorized' }));
+      return true;
+    }
+
+    let body = '';
+    req.on('data', chunk => body += chunk);
+    req.on('end', async () => {
+      try {
+        const { commentary, visibility } = JSON.parse(body);
+        if (!commentary) {
+          res.writeHead(400, { 'Content-Type': 'application/json' });
+          res.end(JSON.stringify({ error: 'commentary is required' }));
+          return;
+        }
+
+        const userId = 1;
+        const user = await db.getUserById(userId);
+        if (!user?.linkedin_token_encrypted) {
+          res.writeHead(400, { 'Content-Type': 'application/json' });
+          res.end(JSON.stringify({ error: 'LinkedIn not connected' }));
+          return;
+        }
+
+        const token = encryption.decrypt(user.linkedin_token_encrypted);
+
+        // Get user profile to construct author URN
+        const profile = await linkedin.fetchProfile(token);
+        if (!profile?.sub) {
+          res.writeHead(500, { 'Content-Type': 'application/json' });
+          res.end(JSON.stringify({ error: 'Could not determine LinkedIn user ID' }));
+          return;
+        }
+
+        const authorUrn = `urn:li:person:${profile.sub}`;
+        const result = await linkedin.createPost(token, authorUrn, commentary, visibility || 'PUBLIC');
+
+        res.writeHead(201, { 'Content-Type': 'application/json' });
+        res.end(JSON.stringify({ success: true, post: result }));
+      } catch (error) {
+        console.error('LinkedIn post create error:', error);
+        res.writeHead(500, { 'Content-Type': 'application/json' });
+        res.end(JSON.stringify({ error: error.message }));
+      }
+    });
+    return true;
+  }
+
+  // GET /api/linkedin/posts — Get user's LinkedIn posts
+  if (url === '/api/linkedin/posts' && method === 'GET') {
+    if (!auth.isAuthenticated(req)) {
+      res.writeHead(401, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ error: 'Unauthorized' }));
+      return true;
+    }
+
+    (async () => {
+      try {
+        const userId = 1;
+        const user = await db.getUserById(userId);
+        if (!user?.linkedin_token_encrypted) {
+          res.writeHead(400, { 'Content-Type': 'application/json' });
+          res.end(JSON.stringify({ error: 'LinkedIn not connected' }));
+          return;
+        }
+
+        const token = encryption.decrypt(user.linkedin_token_encrypted);
+        const profile = await linkedin.fetchProfile(token);
+        if (!profile?.sub) {
+          res.writeHead(500, { 'Content-Type': 'application/json' });
+          res.end(JSON.stringify({ error: 'Could not determine LinkedIn user ID' }));
+          return;
+        }
+
+        const authorUrn = `urn:li:person:${profile.sub}`;
+        const posts = await linkedin.getMyPosts(token, authorUrn);
+
+        res.writeHead(200, { 'Content-Type': 'application/json' });
+        res.end(JSON.stringify(posts || { elements: [] }));
+      } catch (error) {
+        console.error('LinkedIn posts list error:', error);
+        res.writeHead(500, { 'Content-Type': 'application/json' });
+        res.end(JSON.stringify({ error: error.message }));
+      }
+    })();
+    return true;
+  }
+
   // Route not handled
   return false;
 }

package/migrations/009_add_linkedin_tokens.sql

@@ -0,0 +1,7 @@
+-- Add LinkedIn OAuth token columns to agentdev_users
+ALTER TABLE agentdev_users
+  ADD COLUMN IF NOT EXISTS linkedin_token_encrypted TEXT,
+  ADD COLUMN IF NOT EXISTS linkedin_refresh_token_encrypted TEXT,
+  ADD COLUMN IF NOT EXISTS linkedin_token_expires_at TIMESTAMPTZ,
+  ADD COLUMN IF NOT EXISTS linkedin_client_id TEXT,
+  ADD COLUMN IF NOT EXISTS linkedin_client_secret_encrypted TEXT;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "agentdev-webui",
-  "version": "1.0.0",
+  "version": "1.1.2",
   "description": "Multi-agent workflow dashboard for auto-ticket processing",
   "main": "server.js",
   "bin": {
@@ -17,7 +17,12 @@
     "dev": "nodemon --watch server.js --watch lib --watch public --ext js,html,css,json --delay 500ms server.js",
     "test": "echo \"No tests yet\" && exit 0"
   },
-  "keywords": ["agent", "workflow", "dashboard", "pwa"],
+  "keywords": [
+    "agent",
+    "workflow",
+    "dashboard",
+    "pwa"
+  ],
   "author": "DataTamer",
   "license": "MIT",
   "repository": {

package/public/css/styles.css

@@ -308,7 +308,7 @@ body.offline { padding-top: 32px; }
   border: 1px solid #333;
   border-radius: 8px;
   box-shadow: 0 8px 24px rgba(0,0,0,0.4);
-  z-index: 1000;
+  z-index: 1050;
   overflow: hidden;
 }
 .notification-panel.open { display: block; }
@@ -1088,10 +1088,13 @@ button:disabled { opacity: 0.5; cursor: not-allowed; }
   .logs-panel { padding: 12px; }
   .log-entry { font-size: 11px; padding: 6px 10px; }
   .scroll-to-bottom { right: 24px; }
+  /* Hide status text label on mobile - dot alone is sufficient */
+  #statusTxt { display: none; }
   /* Hide less-important action buttons on mobile to keep logout visible */
   .actions-group .logout-btn:not(#logoutBtn) { display: none; }
   .project-selector { max-width: 120px; font-size: 11px; }
   .manage-projects-btn { min-width: 36px; min-height: 36px; padding: 2px 6px; }
+  #statusTxt { display: none; }
 }
 
 /* Scroll to bottom button */

package/public/js/app.js

@@ -1018,17 +1018,6 @@ async function createTicket() {
       formStatus.innerHTML = 'Ticket <a href="' + data.url + '" target="_blank">#' + data.number + '</a> created and added to project!';
       formStatus.className = 'form-status visible success';
 
-      // Optimistic update: add ticket to board immediately
-      lastTodosList.push({
-        number: data.number,
-        repo: data.repo || repo,
-        title: title,
-        status: 'Todo',
-        hasClaude: true,
-        project_id: currentProjectId
-      });
-      updateTodoTickets(lastTodosList);
-
       ticketDescription.value = '';
       setTimeout(closeCreateTicketModal, 2000);
     } else {

package/public/login.html

@@ -161,6 +161,11 @@
           <input type="password" id="password" name="password" placeholder="Enter your password" required>
         </div>
 
+        <div style="display: flex; align-items: center; margin-bottom: 16px;">
+          <input type="checkbox" id="remember" name="remember" checked style="width: auto; margin: 0 8px 0 0; accent-color: #4ade80; cursor: pointer;">
+          <label for="remember" style="color: rgba(255, 255, 255, 0.7); font-size: 14px; margin: 0; text-transform: none; letter-spacing: 0; cursor: pointer;">Remember me</label>
+        </div>
+
         <button type="submit" class="login-btn" id="loginBtn">Sign In</button>
       </form>
 
@@ -189,6 +194,7 @@
 
       const username = document.getElementById('username').value;
       const password = document.getElementById('password').value;
+      const remember = document.getElementById('remember').checked;
       const loginBtn = document.getElementById('loginBtn');
       const loginError = document.getElementById('loginError');
 
@@ -200,7 +206,7 @@
         const res = await fetch('/api/login', {
           method: 'POST',
           headers: { 'Content-Type': 'application/json' },
-          body: JSON.stringify({ username, password })
+          body: JSON.stringify({ username, password, remember })
         });
 
         const data = await res.json();

package/server.js

@@ -273,6 +273,10 @@ async function resolveProjectToken(project) {
   return process.env.GH_TOKEN || process.env.GITHUB_DEFAULT_TOKEN || null;
 }
 
+// Track recently created tickets server-side so SSE broadcasts include them
+// even before GitHub indexes them (avoids optimistic update flicker)
+const recentlyCreatedTickets = new Map(); // "repo:number" → { ticket, created }
+
 async function broadcastTodoTickets() {
   try {
     let allTickets = [];
@@ -305,6 +309,19 @@ async function broadcastTodoTickets() {
       allTickets = await github.fetchProjectTickets();
     }
 
+    // Merge recently created tickets that GitHub hasn't indexed yet
+    for (const [key, entry] of recentlyCreatedTickets) {
+      const [repo, num] = key.split(':');
+      const numInt = parseInt(num);
+      if (allTickets.some(t => t.repo === repo && t.number === numInt)) {
+        recentlyCreatedTickets.delete(key); // Confirmed by GitHub
+      } else if (Date.now() - entry.created > 60000) {
+        recentlyCreatedTickets.delete(key); // Expired after 60s
+      } else {
+        allTickets.push(entry.ticket); // Add to broadcast
+      }
+    }
+
     broadcast({ type: 'todos', list: allTickets });
   } catch (error) {
     console.error('Error broadcasting project tickets:', error.message);
@@ -377,7 +394,7 @@ http.createServer(async (req, res) => {
     req.on('data', chunk => body += chunk);
     req.on('end', async () => {
       try {
-        const { username, password } = JSON.parse(body);
+        const { username, password, remember } = JSON.parse(body);
         const user = await auth.validateCredentials(username, password);
         if (user) {
           // Check if email is verified
@@ -386,13 +403,16 @@ http.createServer(async (req, res) => {
             res.end(JSON.stringify({ success: false, error: 'Please verify your email before logging in' }));
             return;
           }
-          const sessionId = auth.createSession(user.id, user.email);
+          const THIRTY_DAYS_MS = 30 * 24 * 60 * 60 * 1000;
+          const sessionTtl = remember ? THIRTY_DAYS_MS : config.AUTH.SESSION_TTL;
+          const sessionId = auth.createSession(user.id, user.email, sessionTtl);
           // Add Secure flag for HTTPS (production)
           const isSecure = process.env.NODE_ENV === 'production' || process.env.BASE_URL?.startsWith('https://');
           const secureCookie = isSecure ? '; Secure' : '';
+          const maxAgeCookie = remember ? `; Max-Age=${THIRTY_DAYS_MS / 1000}` : '';
           res.writeHead(200, {
             'Content-Type': 'application/json',
-            'Set-Cookie': `session=${sessionId}; Path=/; HttpOnly; SameSite=Strict${secureCookie}; Max-Age=${config.AUTH.SESSION_TTL / 1000}`
+            'Set-Cookie': `session=${sessionId}; Path=/; HttpOnly; SameSite=Strict${secureCookie}${maxAgeCookie}`
           });
           res.end(JSON.stringify({ success: true }));
         } else {
@@ -1158,6 +1178,25 @@ http.createServer(async (req, res) => {
           console.log('Ticket #' + issue.number + ' added to database');
         }
 
+        // Track the newly created ticket so SSE broadcasts include it
+        // even before GitHub indexes it
+        recentlyCreatedTickets.set(repo + ':' + issue.number, {
+          ticket: {
+            number: issue.number,
+            repo: repo,
+            title: title,
+            body: ticketBody,
+            state: 'OPEN',
+            status: 'Todo',
+            hasClaude: ticketBody.includes('@claude'),
+            project_id: projectId,
+            author: user?.username || 'unknown',
+            createdAt: new Date().toISOString(),
+            comments: []
+          },
+          created: Date.now()
+        });
+
         // Clear cache and broadcast updated board immediately
         github.clearTicketCache();
         broadcastTodoTickets();