forgecad 0.6.3 → 0.8.0

package/dist-skill/docs/internals/shape-from-slices.md

@@ -1,152 +0,0 @@
-# Shape.fromSlices — Design Document
-
-## Problem
-
-Users want to define 3D shapes by specifying 2D cross-section profiles on
-different planes (like slicing an object at various positions), then
-interpolating between them to create the solid. Think: "here's what the egg
-looks like from the side, here's what it looks like from the top — build me
-the 3D shape."
-
-Today's `loft()` only handles parallel XY cross-sections at different Z
-heights. There is no way to combine constraints from multiple viewing
-directions (e.g., XY circle + XZ egg-ellipse = egg).
-
-## API
-
-```ts
-Shape.fromSlices(slices: Slice[], options?: FromSlicesOptions): Shape
-```
-
-### Types
-
-```ts
-type SlicePlane = 'xy' | 'xz' | 'yz' | Vec3;
-
-interface Slice {
-  on: SlicePlane;    // plane normal (string shorthand or arbitrary unit vector)
-  at: number;        // signed offset along that normal from the origin
-  profile: Sketch;   // 2D cross-section on that plane
-}
-
-interface FromSlicesOptions {
-  edgeLength?: number;       // mesh resolution (Manifold only)
-  boundsPadding?: number;    // SDF bounding box padding (Manifold only)
-}
-```
-
-### Why `Shape.fromSlices()`?
-
-1. **No new global** — `Shape` already exists in the runtime. Adding a static
-   method adds zero namespace pollution.
-2. **Discoverable** — "I want a Shape, what can I build one from?" leads
-   naturally to `Shape.fromSlices`, `Shape.fromPatch`, etc.
-3. **Precedent** — `Points.distance()`, `sdf.sphere()`, `route.fillet()` all
-   use the namespace-dot-method pattern. This extends it to the core `Shape`
-   class.
-4. **Consistent with broader direction** — new specialized constructors go on
-   `Shape` as static methods instead of polluting the flat global namespace.
-
-## Algorithm
-
-### Core idea: group → interpolate → intersect
-
-1. **Group** slices by normal direction. Two slices with the same (or
-   antiparallel) normal belong to the same group.
-
-2. **Within each group** — build a solid by lofting (ThruSections / level-set)
-   between the profiles, placed on their respective parallel planes.
-   - Single-slice group: extrude the profile along the normal direction,
-     bounded generously (later trimmed by intersection).
-   - Multi-slice group: loft between profiles via ThruSections (OCCT) or
-     level-set (Manifold).
-
-3. **Across groups** — boolean-intersect all group solids. Each group's solid
-   represents a "viewing constraint": the final shape must fit within all of
-   them simultaneously.
-
-### Why intersection?
-
-Each group defines "what the object looks like from one direction." Extruding
-a side-view silhouette gives a prism that contains every possible shape
-matching that silhouette. Intersecting all such prisms carves out the shape
-that satisfies all views simultaneously. This is the *visual hull*
-reconstruction principle.
-
-### Examples
-
-**Egg (two silhouettes):**
-```
-Group 1 (normal=Y, 1 slice): XZ egg-ellipse → extrude along Y → egg prism
-Group 2 (normal=X, 1 slice): YZ egg-ellipse → extrude along X → egg prism
-Intersect → egg solid
-```
-
-**Vase (loft + envelope):**
-```
-Group 1 (normal=Z, 3 slices): circle@0, squircle@40, circle@80 → loft
-Group 2 (normal=Y, 1 slice): vase silhouette → extrude along Y
-Intersect → vase with cross-section transitions
-```
-
-**Pure loft (single group):**
-```
-Group 1 (normal=Z, 3 slices): profiles at different Z heights → loft
-No intersection needed (single group) → equivalent to loft()
-```
-
-## Compile plan
-
-A new `kind: 'fromSlices'` is added to `ShapeCompilePlan`:
-
-```ts
-{
-  kind: 'fromSlices';
-  groups: FromSlicesGroupPlan[];
-  edgeLength: number;
-  boundsPadding: number;
-}
-
-interface FromSlicesGroupPlan {
-  normal: [number, number, number];  // unit normal for this group
-  slices: {
-    offset: number;                   // signed distance along normal
-    profile: ProfileCompilePlan;
-  }[];
-}
-```
-
-### Lowering strategy
-
-**OCCT backend:**
-- Single-slice group → extrude profile, rotate to align with normal, translate
-- Multi-slice group → ThruSections with wires placed on their planes
-  (existing lowerLoftPlan pattern, generalized from Z-only to arbitrary normal)
-- Intersection → `BRepAlgoAPI_Common`
-- Result: exact B-rep, exportable to STEP
-
-**Manifold backend:**
-- Single-slice group → extrude cross-section, transform
-- Multi-slice group → loft via level-set (existing buildLoftLevelSetInput)
-- Intersection → Manifold boolean intersection
-- Result: mesh
-
-### Single-group optimization
-
-When all slices share the same normal (pure loft case), skip the intersection
-entirely and lower as a plain loft. This avoids unnecessary boolean overhead
-and produces identical output to `loft()`.
-
-## Broader API implications
-
-This is the first `Shape` static method. It establishes a pattern for future
-specialized constructors:
-
-| Method | Replaces global | Status |
-|--------|----------------|--------|
-| `Shape.fromSlices()` | (new) | This PR |
-| `Shape.fromPatch()` | `surfacePatch()` | Future |
-
-Existing globals (`loft`, `sweep`, `box`, etc.) remain unchanged — no
-migration, no breakage. New specialized construction goes through
-`Shape.method()`.

package/dist-skill/docs/platform/admin.md

@@ -1,45 +0,0 @@
-# Admin Dashboard & Audit System
-
-The admin dashboard lives at `/admin` and is restricted to users with `role = 'admin'`. The frontend gate is in `src/pages/AdminPage.tsx`; the backend enforces the same role check on `/api/admin/*` routes.
-
-## Dashboard features
-
-- **System health** -- server status, uptime, version (fetched from `/api/health`).
-- **User statistics** -- total users, total projects, active today.
-- **User list** -- all users with name, email, role, and join date.
-- **Audit log** -- recent activity feed (via `/api/admin/audit`).
-
-## Audit log
-
-Every significant user action is recorded in the `audit_log` table. The schema (`server/db/schema.ts`):
-
-| Column | Type | Description |
-|--------|------|-------------|
-| `id` | uuid | Primary key |
-| `user_id` | uuid | FK to `users` |
-| `project_id` | uuid | FK to `projects` (nullable) |
-| `action` | text | Event type (see below) |
-| `details` | jsonb | Arbitrary metadata |
-| `ip_address` | inet | Client IP |
-| `created_at` | timestamptz | When it happened |
-
-### Tracked actions
-
-| Category | Actions |
-|----------|---------|
-| Auth | `user.register`, `user.login`, `user.password_reset`, `user.token_replay_detected` |
-| Projects | `project.create`, `project.update`, `project.delete` |
-| Files | `file.save`, `file.delete` |
-| Shares | `share.publish`, `share.unpublish` |
-
-Audit inserts are inline in each route handler (`server/routes/auth.ts`, `server/routes/projects.ts`, `server/routes/files.ts`, `server/routes/shares.ts`).
-
-## Granting admin access
-
-There is no self-service role escalation. Set the role directly in the database:
-
-```sql
-UPDATE users SET role = 'admin' WHERE email = 'user@example.com';
-```
-
-See [auth.md](auth.md) for the role system and [../project/runbook.md](../project/runbook.md) for production database access.

package/dist-skill/docs/platform/architecture.md

@@ -1,79 +0,0 @@
-# System Architecture
-
-ForgeCAD is a browser-based parametric CAD application. The production stack runs as Docker containers on Hetzner, managed by Coolify.
-
-## Stack Overview
-
-```
-Internet
-  |
-Coolify Proxy (Traefik, TLS termination)
-  |
-forgecad container (Fastify / Node.js)
-  |--- serves SPA (Vite-built React frontend)
-  |--- API routes (/api/*)
-  |
-PostgreSQL
-```
-
-**Frontend:** React SPA built with Vite. Three.js (via React Three Fiber) powers the 3D viewport. Monaco Editor provides the code editor. The SPA is served by the same Fastify process that handles API routes.
-
-**Server:** Fastify with Drizzle ORM for database access. Serves both the static SPA bundle and the `/api/*` JSON endpoints from a single process.
-
-**Database:** PostgreSQL for user accounts, project metadata, and application state.
-
-**File storage:** User project files are stored on disk (Docker volume `project-data`), not in the database.
-
-## Docker Compose Configurations
-
-Two compose files support different deployment targets:
-
-| File | Services | Use case |
-|------|----------|----------|
-| `docker-compose.yml` | Caddy + ForgeCAD + PostgreSQL + Redis | Full self-hosted deployment with built-in TLS |
-| `docker-compose.coolify.yml` | ForgeCAD + PostgreSQL | Coolify-managed deployment (Traefik handles TLS) |
-
-Production uses `docker-compose.coolify.yml`. Coolify auto-deploys on push to the `mainline` branch.
-
-## Authentication
-
-JWT-based auth with token rotation:
-
-- **Access tokens:** 15-minute expiry
-- **Refresh tokens:** 7-day expiry, rotated on use
-
-See [auth.md](auth.md) for details on OAuth providers, token flow, and session management.
-
-## URL Routes
-
-| Route | Access | Purpose |
-|-------|--------|---------|
-| `/` | Public | Landing page |
-| `/docs`, `/docs/:slug` | Public | API documentation |
-| `/blog`, `/blog/:slug` | Public | Announcements and tutorials |
-| `/app` | Auth-gated | The CAD editor |
-| `/app?gist=<id>` | Public preview | Shared model from GitHub Gist (read-only until login) |
-| `/app?url=<url>` | Public preview | Shared model from external URL |
-| `/app#code/<file>/<compressed>` | Public preview | Shared model with inline code |
-| `/app?embed=1` | Public | Embed-only viewport (no chrome, for iframes) |
-| `/m/:shareId` | Public | Published model preview (code + 3D viewport) |
-| `/m/:shareId?embed=1` | Public | Published model embed (viewport only) |
-| `/admin` | Admin role | User management, system health, audit log |
-| `/auth/callback/*` | Public | OAuth callback handlers |
-
-## Security
-
-- **Rate limiting:** 100 requests/min per IP; 10 auth attempts per 15 minutes
-- **CORS:** Origin whitelist (no wildcard)
-- **CSP:** Content Security Policy headers on all responses
-- **Path traversal:** Server-side validation on all file access paths
-
-## Related Documentation
-
-- [auth.md](auth.md) -- Authentication and authorization
-- [projects.md](projects.md) -- Project storage and management
-- [sharing.md](sharing.md) -- Model sharing and embeds
-- [admin.md](admin.md) -- Admin panel
-- [email.md](email.md) -- Transactional email
-- [../project/deployment.md](../project/deployment.md) -- Environment variables and deployment setup
-- [../project/runbook.md](../project/runbook.md) -- Operational procedures and troubleshooting

package/dist-skill/docs/platform/auth.md

@@ -1,110 +0,0 @@
-# Authentication
-
-ForgeCAD uses JWT-based authentication with refresh token rotation. Tokens are delivered via `httpOnly` cookies -- never exposed to client-side JavaScript.
-
----
-
-## Token Architecture
-
-- **Access token**: JWT signed with HMAC (HS256). Default lifetime: 15 minutes.
-- **Refresh token**: Opaque token stored in the database. Default lifetime: 7 days.
-- **Rotation**: Each refresh request issues a new refresh token and invalidates the old one. If a previously-used refresh token is replayed, all sessions for that user are revoked (replay detection).
-
-Both tokens are set as `httpOnly`, `Secure`, `SameSite=Strict` cookies.
-
----
-
-## User Roles
-
-| Role | Access |
-|-------|--------|
-| `user` | Standard account, can use `/app` and all editor features |
-| `admin` | Full access including `/admin` dashboard |
-
-Middleware:
-
-- `requireAuth` -- extracts the user from the JWT access token. Returns 401 if the token is missing or expired.
-- `requireAdmin` -- calls `requireAuth`, then checks `role === 'admin'`. Returns 403 otherwise.
-
----
-
-## Registration and Login
-
-1. **Register** (`POST /api/auth/register`) -- accepts email and password. Creates the account and sends a verification email. See [email delivery](email.md) for delivery configuration.
-2. **Verify email** (`GET /api/auth/verify-email`) -- confirms the address using the token from the email link.
-3. **Login** (`POST /api/auth/login`) -- validates credentials, sets access and refresh token cookies.
-
-Password reset:
-
-1. `POST /api/auth/forgot-password` -- sends a reset email with a single-use token (1-hour expiry).
-2. `POST /api/auth/reset-password` -- applies the new password using the reset token.
-
----
-
-## OAuth
-
-GitHub and Google are supported as optional OAuth providers. They are enabled by setting the corresponding environment variables (see below). When not configured, the provider is omitted from the login UI.
-
-- `GET /api/auth/providers` -- returns the list of configured OAuth providers and their authorization URLs.
-- `POST /api/auth/callback/:provider` -- handles the OAuth redirect, creates or links the account, and sets token cookies.
-
----
-
-## API Endpoints
-
-| Method | Route | Purpose |
-|--------|-------|---------|
-| `POST` | `/api/auth/register` | Create account |
-| `POST` | `/api/auth/login` | Login (sets cookies) |
-| `POST` | `/api/auth/refresh` | Rotate refresh token, issue new access token |
-| `POST` | `/api/auth/logout` | Clear session cookies, invalidate refresh token |
-| `GET` | `/api/auth/session` | Return current user info (requires valid access token) |
-| `GET` | `/api/auth/providers` | List available OAuth providers |
-| `POST` | `/api/auth/callback/:provider` | OAuth callback |
-| `POST` | `/api/auth/forgot-password` | Request password reset email |
-| `POST` | `/api/auth/reset-password` | Apply password reset |
-| `GET` | `/api/auth/verify-email` | Confirm email address |
-| `POST` | `/api/auth/resend-verification` | Resend verification email |
-
----
-
-## Rate Limiting
-
-Auth endpoints are rate-limited to **10 requests per 15 minutes per IP**. This applies to login, registration, password reset, and token refresh. Exceeding the limit returns HTTP 429.
-
----
-
-## Environment Variables
-
-| Variable | Required | Default | Purpose |
-|----------|----------|---------|---------|
-| `FORGE_JWT_SECRET` | Yes | -- | HMAC signing key for JWT access tokens |
-| `FORGE_JWT_ACCESS_EXPIRES` | No | `15m` | Access token lifetime (e.g. `15m`, `1h`) |
-| `FORGE_JWT_REFRESH_EXPIRES` | No | `7d` | Refresh token lifetime |
-| `GITHUB_CLIENT_ID` | No | -- | GitHub OAuth application ID |
-| `GITHUB_CLIENT_SECRET` | No | -- | GitHub OAuth secret |
-| `GOOGLE_CLIENT_ID` | No | -- | Google OAuth client ID |
-| `GOOGLE_CLIENT_SECRET` | No | -- | Google OAuth secret |
-| `FORGE_ALLOWED_ORIGINS` | No | `localhost` | Comma-separated list of allowed CORS origins |
-
-See [deployment.md](../project/deployment.md) for the full environment variable reference.
-
----
-
-## Troubleshooting
-
-**500 on login** -- `FORGE_JWT_SECRET` is not set. The server cannot sign tokens without it.
-
-**401 on authenticated endpoints** -- the access token has expired. The client should call `POST /api/auth/refresh` to obtain a new one. If refresh also returns 401, the session has expired entirely and the user must log in again.
-
-**CORS errors** -- `FORGE_ALLOWED_ORIGINS` does not include the frontend's origin. Add the correct domain (e.g. `https://forgecad.io`).
-
----
-
-## Source Files
-
-| File | Purpose |
-|------|---------|
-| `server/routes/auth.ts` | All auth route handlers |
-| `server/middleware/auth.ts` | `requireAuth` and `requireAdmin` middleware |
-| `server/db/schema.ts` | User and refresh token table definitions |

package/dist-skill/docs/platform/email.md

@@ -1,67 +0,0 @@
-# Email Delivery
-
-ForgeCAD uses [Resend](https://resend.com) for transactional email. The free tier covers 3,000 emails/month and 100/day — more than enough for early production.
-
-Emails are sent for:
-- Email address verification (on register + resend)
-- Password reset links
-
-See [auth.md](auth.md) for the authentication flows that trigger these emails.
-
-## Environment Variables
-
-| Variable | Required | Default | Notes |
-|---|---|---|---|
-| `RESEND_API_KEY` | Yes (in prod) | — | From Resend dashboard |
-| `FORGE_EMAIL_FROM` | No | `ForgeCAD <noreply@forgecad.io>` | Must match a verified domain |
-| `FORGE_APP_URL` | No | `http://localhost:5173` | Base URL used in email links |
-
-Without `RESEND_API_KEY`, emails fall back to `console.log` — fine for local dev.
-
-See [../project/deployment.md](../project/deployment.md) for the full environment variable reference.
-
-## First-Time Setup
-
-### 1. Create a Resend account
-
-Sign up at [resend.com](https://resend.com). No credit card required for the free tier.
-
-### 2. Verify your sending domain
-
-In the Resend dashboard: **Domains** > **Add Domain** > enter `forgecad.io`.
-
-Resend will show you DNS records to add (typically a few TXT/MX entries). If your DNS is on **Cloudflare**, Resend can auto-configure the records — just connect your Cloudflare account in the Resend dashboard. It takes a few minutes to propagate.
-
-### 3. Create an API key
-
-In the Resend dashboard: **API Keys** > **Create API Key**.
-
-Use **Send access only** — no need for full access on the server.
-
-### 4. Set env vars
-
-In Coolify (production) or your local `.env`:
-
-```
-RESEND_API_KEY=re_...
-FORGE_EMAIL_FROM=ForgeCAD <noreply@forgecad.io>
-FORGE_APP_URL=https://forgecad.io
-```
-
-## Local Development
-
-Leave `RESEND_API_KEY` unset. The `send()` function detects the missing key and logs the email content and token to the console instead of sending. Token links are printed so you can copy them directly into the browser.
-
-## Code Layout
-
-| File | Purpose |
-|---|---|
-| `server/email/send.ts` | Resend client + `sendVerificationEmail` / `sendPasswordResetEmail` helpers |
-| `server/env.ts` | `resendApiKey`, `emailFrom`, `appUrl` env vars |
-| `server/routes/auth.ts` | Calls into `send.ts` from register, forgot-password, resend-verification routes |
-
-## Adding a New Email Type
-
-1. Add a new `send*Email(to, ...)` export in `server/email/send.ts`
-2. Call it from the relevant route in `server/routes/auth.ts` (or wherever)
-3. No new infrastructure needed — same Resend client and `send()` helper

package/dist-skill/docs/platform/projects.md

@@ -1,111 +0,0 @@
-# Projects and File Management
-
-Projects are the top-level container for user work in ForgeCAD. Each project groups related scripts, notebooks, and output files under a single name with access controls.
-
-## Project Model
-
-Each project has:
-
-| Field | Type | Description |
-|-------|------|-------------|
-| `id` | UUID | Primary key |
-| `slug` | string | URL-safe identifier, unique per owner |
-| `name` | string | Display name |
-| `visibility` | `private` \| `public` | Controls unauthenticated access |
-| `ownerId` | UUID | Foreign key to the user who created the project |
-
-Source: `server/db/schema.ts`
-
-## Member Roles
-
-Projects support collaborative access through membership:
-
-| Role | Capabilities |
-|------|-------------|
-| **owner** | Full control: rename, delete, manage members, read/write files |
-| **editor** | Read and write files (save, delete, mkdir) |
-| **viewer** | Read files, watch for changes |
-
-The owner is always the user who created the project. Ownership cannot be transferred through the membership API.
-
-## File Storage
-
-Project files are stored on disk, not in the database. The storage root is configured by the `FORGE_STORAGE_ROOT` environment variable (default: `/data/projects` in Docker). Each project gets an isolated directory under this root.
-
-See [deployment.md](../project/deployment.md) for Docker volume and storage configuration.
-
-### Supported File Types
-
-| Extension | Purpose |
-|-----------|---------|
-| `.forge.js` | ForgeCAD model scripts |
-| `.forge-notebook.json` | Interactive notebooks |
-| `.js` | Utility modules (imported by scripts) |
-| `.svg` | Vector assets |
-| `.stl`, `.3mf` | Exported mesh files |
-
-### Path Traversal Protection
-
-All file operations validate resolved paths against the project's storage directory. Any path that escapes the project root (via `..` segments or symlinks) is rejected. This check runs in `server/storage.ts` before any read or write reaches the filesystem.
-
-### Storage Quotas
-
-Each user has a storage quota tracked via `storage_used_bytes` on the user record.
-
-| Limit | Value |
-|-------|-------|
-| Storage per user | 50 MB |
-| Projects per user | 20 |
-
-The quota is checked before every file write. Storage counters are adjusted atomically and clamped to zero to prevent negative drift from race conditions or deleted files.
-
-Source: `server/quotas.ts`
-
-## Real-Time File Watching
-
-Clients can subscribe to file changes via Server-Sent Events:
-
-```
-GET /api/projects/:id/watch
-```
-
-This endpoint streams events whenever files in the project are created, modified, or deleted. The editor uses this to stay in sync when multiple clients have the same project open.
-
-## API Endpoints
-
-### Projects
-
-| Method | Route | Min Role | Purpose |
-|--------|-------|----------|---------|
-| GET | `/api/projects` | -- | List the authenticated user's projects |
-| POST | `/api/projects` | -- | Create a new project |
-| GET | `/api/projects/:id` | viewer | Get project details |
-| PATCH | `/api/projects/:id` | owner | Update project name, slug, or visibility |
-| DELETE | `/api/projects/:id` | owner | Delete project and all its files |
-
-### Members
-
-| Method | Route | Min Role | Purpose |
-|--------|-------|----------|---------|
-| GET | `/api/projects/:id/members` | viewer | List project members |
-| POST | `/api/projects/:id/members` | owner | Add a member by user ID |
-| PATCH | `/api/projects/:id/members/:userId` | owner | Change a member's role |
-| DELETE | `/api/projects/:id/members/:userId` | owner | Remove a member |
-
-### Files
-
-| Method | Route | Min Role | Purpose |
-|--------|-------|----------|---------|
-| GET | `/api/projects/:id/watch` | viewer | SSE stream of file changes |
-| POST | `/api/projects/:id/save` | editor | Write file contents to disk |
-| POST | `/api/projects/:id/delete` | editor | Delete a file |
-| POST | `/api/projects/:id/mkdir` | editor | Create a directory |
-| GET | `/api/projects/:id/read-binary` | viewer | Download a binary file (meshes, assets) |
-
-Source: `server/routes/projects.ts`, `server/routes/files.ts`
-
-## Related
-
-- [Architecture](architecture.md) -- system overview and deployment topology
-- [Sharing](sharing.md) -- model publishing and public URLs
-- [Deployment](../project/deployment.md) -- storage volume configuration, Docker setup

package/dist-skill/docs/platform/sharing.md

@@ -1,90 +0,0 @@
-# Model Sharing and Publishing
-
-ForgeCAD supports multiple ways to share models. Two categories exist: **server-backed publishing** (persistent URLs, requires auth to publish) and **client-side sharing** (no server needed, data encoded in the URL).
-
-See [architecture.md](architecture.md) for the full URL route table.
-
-## Server-backed publishing
-
-Authenticated users can publish models to get a stable, public URL. Published models are stored in the `shared_files` database table.
-
-### Database schema (`shared_files`)
-
-| Column | Type | Notes |
-|--------|------|-------|
-| `id` | uuid | Primary key |
-| `share_id` | text | Unique, 10-char nanoid -- the URL identifier |
-| `owner_id` | uuid | FK to `users.id`, cascade delete |
-| `filename` | text | Original filename |
-| `code` | text | Full source code |
-| `title` | text | Optional display title |
-| `created_at` | timestamptz | Auto-set |
-| `updated_at` | timestamptz | Auto-set, updated on re-publish |
-
-### Public URLs
-
-| URL | Behavior |
-|-----|----------|
-| `/m/:shareId` | Full model preview: source code panel + 3D viewport |
-| `/m/:shareId?embed=1` | Viewport only, no UI chrome -- designed for iframe embeds |
-
-No authentication is required to view a published model.
-
-### API endpoints
-
-| Method | Route | Auth | Purpose |
-|--------|-------|------|---------|
-| GET | `/api/shares/:shareId` | None | Fetch a published model (code, title, author name, timestamps) |
-| GET | `/api/shares` | Required | List the authenticated user's published models |
-| POST | `/api/shares` | Required | Publish a new model or update an existing one |
-| DELETE | `/api/shares/:shareId` | Required (owner or admin) | Unpublish a model |
-
-### Publish behavior
-
-- If the user already has a published model with the same filename, `POST /api/shares` updates the existing share rather than creating a new one. The `share_id` is preserved so existing links remain valid.
-- Each user may publish up to **100** models. Exceeding this limit returns `403` with `{ error: "Share limit reached" }`.
-- All publish, update, and delete operations are recorded in the `audit_log` table.
-
-### Audit trail
-
-Every share mutation writes to `audit_log` with one of these actions:
-- `share.publish` -- new model published
-- `share.update` -- existing model code/title updated
-- `share.delete` -- model unpublished
-
-## Client-side sharing (no server)
-
-These methods encode model data directly into the URL. They work without authentication and without the hosted backend.
-
-### Inline code (hash fragment)
-
-Format: `/app#code/<filename>/<lz-compressed-code>`
-
-The code is compressed with `lz-string` (`compressToEncodedURIComponent`) and placed in the URL hash. Since hash fragments are not sent to the server, this works entirely client-side. Encoding and decoding logic lives in `src/share.ts`.
-
-### Multi-file bundles (hash fragment)
-
-Format: `/app#bundle/<lz-compressed-packed>`
-
-Packs multiple files into a single compressed payload using null-byte separators: `entry\0filename1\0code1\0filename2\0code2...`. Used when a model has import dependencies.
-
-### Gist sharing
-
-Format: `/app?gist=<github-gist-id>`
-
-Fetches code from a public GitHub Gist at load time.
-
-### URL sharing
-
-Format: `/app?url=<external-url>`
-
-Fetches code from any publicly accessible URL at load time.
-
-## Source files
-
-| File | Role |
-|------|------|
-| `server/routes/shares.ts` | API route handlers for publish/unpublish/list |
-| `server/db/schema.ts` | `sharedFiles` table definition and types |
-| `src/pages/SharedModelPage.tsx` | Frontend page rendering `/m/:shareId` |
-| `src/share.ts` | Client-side encode/decode for hash-based sharing |