heyiam 0.2.19 → 0.2.20

package/dist/db.js

@@ -23,7 +23,7 @@ export function getDatabase(dbPath = getDbPath()) {
     _db = openDatabase(dbPath);
     return _db;
 }
-function closeDatabase() {
+export function closeDatabase() {
     if (_db) {
         _db.close();
         _db = null;
@@ -127,10 +127,10 @@ function migrateToV2(db) {
         // Upsert schema version
         const existing = db.prepare('SELECT version FROM schema_version LIMIT 1').get();
         if (existing) {
-            db.prepare('UPDATE schema_version SET version = ?').run(CURRENT_SCHEMA_VERSION);
+            db.prepare('UPDATE schema_version SET version = ?').run(2);
         }
         else {
-            db.prepare('INSERT INTO schema_version (version) VALUES (?)').run(CURRENT_SCHEMA_VERSION);
+            db.prepare('INSERT INTO schema_version (version) VALUES (?)').run(2);
         }
     });
     tx();
@@ -143,7 +143,7 @@ function migrateToV3(db) {
         uuid TEXT NOT NULL
       )
     `);
-        db.prepare('UPDATE schema_version SET version = ?').run(CURRENT_SCHEMA_VERSION);
+        db.prepare('UPDATE schema_version SET version = ?').run(3);
     });
     tx();
 }
@@ -156,7 +156,7 @@ function migrateToV5(db) {
         if (!cols.some(c => c.name === 'output_tokens')) {
             db.exec('ALTER TABLE sessions ADD COLUMN output_tokens INTEGER NOT NULL DEFAULT 0');
         }
-        db.prepare('UPDATE schema_version SET version = ?').run(CURRENT_SCHEMA_VERSION);
+        db.prepare('UPDATE schema_version SET version = ?').run(5);
     });
     tx();
 }
@@ -167,7 +167,7 @@ function migrateToV4(db) {
         if (!cols.some(c => c.name === 'active_intervals')) {
             db.exec('ALTER TABLE sessions ADD COLUMN active_intervals TEXT');
         }
-        db.prepare('UPDATE schema_version SET version = ?').run(CURRENT_SCHEMA_VERSION);
+        db.prepare('UPDATE schema_version SET version = ?').run(4);
     });
     tx();
 }

package/dist/export.js

@@ -260,7 +260,9 @@ export async function exportHtml(dirName, cache, sessions, outputPath, username
         arc: result.arc,
         fullSessions: sessions,
     });
-    const projectHtml = buildStandalonePage(title, projectBody);
+    const projectHtml = buildStandalonePage(title, projectBody, {
+        description: result.narrative?.slice(0, 200) || undefined,
+    });
     totalBytes += writeAndTrack(join(outputPath, 'index.html'), projectHtml, files);
     // Render session pages — only featured sessions (linked from project page)
     const featuredSessions = pickFeaturedSessions(sessions, cache);
@@ -268,17 +270,19 @@ export async function exportHtml(dirName, cache, sessions, outputPath, username
     mkdirSync(sessionsDir, { recursive: true });
     for (const session of featuredSessions) {
         const sessionSlug = slugify(session.title);
+        const enhanced = loadEnhancedData(session.id);
         const renderData = buildSessionRenderData({
             sessionId: session.id,
             session,
-            enhanced: null,
+            enhanced,
             username,
             projectSlug: slug,
             sessionSlug,
             sourceTool: session.source ?? 'unknown',
         });
         const sessionBody = renderSessionHtml(renderData);
-        const sessionHtml = buildStandalonePage(session.title, sessionBody);
+        const sessionDesc = (enhanced?.developerTake ?? session.developerTake ?? '').slice(0, 200) || undefined;
+        const sessionHtml = buildStandalonePage(session.title, sessionBody, { description: sessionDesc });
         totalBytes += writeAndTrack(join(sessionsDir, `${sessionSlug}.html`), sessionHtml, files);
     }
     return { files, totalBytes, outputPath };
@@ -364,20 +368,24 @@ export function generateHtmlFiles(dirName, cache, sessions, username = 'local',
         arc: result.arc,
         fullSessions: sessions,
     });
-    files.push({ path: 'index.html', content: buildStandalonePage(title, projectBody) });
+    files.push({ path: 'index.html', content: buildStandalonePage(title, projectBody, {
+            description: result.narrative?.slice(0, 200) || undefined,
+        }) });
     const featuredSessions = pickFeaturedSessions(sessions, cache);
     for (const session of featuredSessions) {
         const sessionSlug = slugify(session.title);
+        const enhanced = loadEnhancedData(session.id);
         const renderData = buildSessionRenderData({
             sessionId: session.id,
-            session, enhanced: null, username,
+            session, enhanced, username,
             projectSlug: slug, sessionSlug,
             sourceTool: session.source ?? 'unknown',
         });
         const sessionBody = renderSessionHtml(renderData);
+        const sessionDesc = (enhanced?.developerTake ?? session.developerTake ?? '').slice(0, 200) || undefined;
         files.push({
             path: `sessions/${sessionSlug}.html`,
-            content: buildStandalonePage(session.title, sessionBody),
+            content: buildStandalonePage(session.title, sessionBody, { description: sessionDesc }),
         });
     }
     return files;
@@ -477,19 +485,31 @@ function getInlineMountJs() {
         return '';
     }
 }
-function buildStandalonePage(title, bodyHtml) {
+function buildStandalonePage(title, bodyHtml, opts) {
     const css = getInlineCss();
     const cssTag = css
         ? `<style>${css}\nbody { overflow: auto !important; min-height: auto !important; background: var(--color-surface, #f8f9fb); }</style>`
         : '';
     const mountJs = getInlineMountJs();
     const scriptTag = mountJs ? `<script>${mountJs}</script>` : '';
+    const safeTitle = escapeHtml(title);
+    const safeDesc = opts?.description ? escapeHtml(opts.description) : '';
+    const ogTitle = `${safeTitle} — heyi.am`;
+    const ogTags = `<meta property="og:title" content="${ogTitle}" />
+  <meta property="og:site_name" content="heyi.am" />
+  <meta property="og:type" content="article" />
+  ${safeDesc ? `<meta property="og:description" content="${safeDesc}" />` : ''}
+  ${safeDesc ? `<meta name="description" content="${safeDesc}" />` : ''}
+  <meta name="twitter:card" content="summary" />
+  <meta name="twitter:title" content="${ogTitle}" />
+  ${safeDesc ? `<meta name="twitter:description" content="${safeDesc}" />` : ''}`;
     return `<!DOCTYPE html>
 <html lang="en">
 <head>
   <meta charset="utf-8" />
   <meta name="viewport" content="width=device-width, initial-scale=1" />
-  <title>${escapeHtml(title)} — heyi.am</title>
+  <title>${ogTitle}</title>
+  ${ogTags}
   <link rel="preconnect" href="https://fonts.googleapis.com" />
   <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin />
   <link href="https://fonts.googleapis.com/css2?family=IBM+Plex+Mono:wght@400;500;600;700&family=Inter:wght@400;500;600;700&family=Space+Grotesk:wght@400;500;600;700&display=swap" rel="stylesheet" />

package/dist/mount.js

@@ -22991,9 +22991,9 @@
           ] }),
           /* @__PURE__ */ (0, import_jsx_runtime3.jsxs)("div", { style: { display: "grid", gridTemplateColumns: "repeat(4, 1fr)", gap: "0.75rem", marginBottom: "1.25rem" }, children: [
             /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(StatBox, { label: "Active Time", value: formatDuration2(session.durationMinutes), primary: true, children: hasChildren && /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(SplitLine, { you: formatDuration2(Math.max(0, session.durationMinutes - session.children.reduce((s, c) => s + c.durationMinutes, 0))), agent: formatDuration2(session.children.reduce((s, c) => s + c.durationMinutes, 0)) }) }),
-            /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(StatBox, { label: "Turns", value: session.turns, children: hasChildren && /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(SplitLine, { you: "You", agent: `${session.children.length} agents` }) }),
+            /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(StatBox, { label: "Turns", value: session.turns, children: hasChildren && /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(SplitLine, { you: "Human", agent: `${session.children.length} agents` }) }),
             /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(StatBox, { label: "Files", value: session.filesChanged?.length === 1 && session.filesChanged[0]?.path === "(aggregate)" ? "\u2014" : session.filesChanged?.length ?? "\u2014" }),
-            /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(StatBox, { label: "LOC", value: formatLoc2(session.linesOfCode), children: hasChildren && /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(SplitLine, { you: formatLoc2(Math.max(0, session.linesOfCode - session.children.reduce((s, c) => s + c.linesOfCode, 0))), agent: formatLoc2(session.children.reduce((s, c) => s + c.linesOfCode, 0)) }) })
+            /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(StatBox, { label: "Lines changed", value: formatLoc2(session.linesOfCode), children: hasChildren && /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(SplitLine, { you: formatLoc2(Math.max(0, session.linesOfCode - session.children.reduce((s, c) => s + c.linesOfCode, 0))), agent: formatLoc2(session.children.reduce((s, c) => s + c.linesOfCode, 0)) }) })
           ] }),
           session.developerTake && /* @__PURE__ */ (0, import_jsx_runtime3.jsx)("p", { style: { fontSize: "0.9375rem", lineHeight: 1.6, color: "var(--on-surface, #191c1e)", borderLeft: "3px solid var(--primary, #084471)", paddingLeft: "0.75rem", marginBottom: "1.25rem" }, children: session.developerTake }),
           session.skills && session.skills.length > 0 && /* @__PURE__ */ (0, import_jsx_runtime3.jsx)("div", { style: { display: "flex", flexWrap: "wrap", gap: "0.375rem", marginBottom: "1.25rem" }, children: session.skills.map((skill) => /* @__PURE__ */ (0, import_jsx_runtime3.jsx)("span", { style: { fontFamily: "var(--font-mono, monospace)", fontSize: "11px", padding: "0.125rem 0.5rem", borderRadius: "0.25rem", background: "var(--violet-bg, #ede9fe)", color: "var(--violet, #6d28d9)" }, children: skill }, skill)) }),
@@ -23069,12 +23069,18 @@
     const [active, setActive] = (0, import_react3.useState)(null);
     showOverlay = (session) => setActive(session);
     if (!active) return null;
-    const slug = active.title.toLowerCase().replace(/[^a-z0-9]+/g, "-").replace(/^-|-$/g, "").slice(0, 80) || "untitled";
+    const projectEl = document.querySelector("[data-session-base-url]");
+    const baseUrl = projectEl?.getAttribute("data-session-base-url");
+    let sessionPageUrl;
+    if (baseUrl) {
+      const slug = active.title.toLowerCase().replace(/[^a-z0-9]+/g, "-").replace(/^-|-$/g, "").slice(0, 80) || "untitled";
+      sessionPageUrl = `${baseUrl}/${slug}.html`;
+    }
     return /* @__PURE__ */ (0, import_jsx_runtime4.jsx)(
       SessionOverlay,
       {
         session: active,
-        sessionPageUrl: `./sessions/${slug}.html`,
+        sessionPageUrl,
         onClose: () => setActive(null)
       }
     );

package/dist/render/templates/project.liquid

@@ -1,4 +1,4 @@
-<div class="heyiam-project" data-render-version="2">
+<div class="heyiam-project" data-render-version="2"{% if sessionBaseUrl %} data-session-base-url="{{ sessionBaseUrl }}"{% endif %}>
 
   {%- comment -%} Title {%- endcomment -%}
   <h1 class="project-title">{{ project.title }}</h1>

package/dist/routes/publish.js

@@ -134,7 +134,6 @@ export function createPublishRouter(ctx) {
             }
             const projectData = await projectRes.json();
             send({ type: 'project', status: 'created', projectId: projectData.project_id, slug: projectData.slug });
-            let screenshotUploaded = false;
             // Step 1b: Upload screenshot (non-fatal)
             if (screenshotBase64 || projectUrl) {
                 try {
@@ -177,7 +176,6 @@ export function createPublishRouter(ctx) {
                                 },
                                 body: JSON.stringify({ key }),
                             });
-                            screenshotUploaded = true;
                             send({ type: 'screenshot', status: 'uploaded' });
                         }
                         else {

package/dist/routes/settings.js

@@ -22,7 +22,7 @@ export function createSettingsRouter(_ctx) {
         const key = getAnthropicApiKey();
         res.json({
             hasKey: !!key,
-            maskedKey: key ? `${key.slice(0, 4)}...` : null,
+            maskedKey: key ? `...${key.slice(-4)}` : null,
         });
     });
     return router;

package/dist/screenshot.js

@@ -52,14 +52,19 @@ function isUrlSafe(raw) {
         return false;
     // Reject localhost and private IPs
     const host = parsed.hostname.toLowerCase();
-    if (host === 'localhost' || host === '127.0.0.1' || host === '::1') {
+    // Strip IPv6 brackets for comparison
+    const bare = host.startsWith('[') ? host.slice(1, -1) : host;
+    if (bare === 'localhost' || bare === '127.0.0.1' || bare === '::1' || bare === '0.0.0.0') {
         // Allow our own preview server
         const port = parsed.port || (parsed.protocol === 'https:' ? '443' : '80');
         if (port !== '17845')
             return false;
     }
-    // Reject private IP ranges
-    if (/^(10\.|172\.(1[6-9]|2\d|3[01])\.|192\.168\.|169\.254\.|0\.)/.test(host))
+    // Reject private IP ranges (IPv4)
+    if (/^(10\.|172\.(1[6-9]|2\d|3[01])\.|192\.168\.|169\.254\.|0\.)/.test(bare))
+        return false;
+    // Reject IPv6 private ranges (link-local, ULA, loopback, IPv4-mapped)
+    if (/^(fe80:|fc|fd|::ffff:(10\.|172\.(1[6-9]|2\d|3[01])\.|192\.168\.|127\.))/i.test(bare))
         return false;
     if (host.endsWith('.local') || host.endsWith('.internal'))
         return false;

package/dist/search.js

@@ -1,5 +1,6 @@
 // Search logic combining FTS5 content search with metadata filters
 import { searchFts } from './db.js';
+import { escapeLikeWildcards } from './format-utils.js';
 // ── Helpers ──────────────────────────────────────────────────
 /**
  * Decode projectDir to a human-readable project name.
@@ -69,7 +70,7 @@ function searchWithFilters(db, filters) {
     const params = [];
     if (filters?.project) {
         conditions.push('s.project_dir LIKE ?');
-        params.push(`%${filters.project}%`);
+        params.push(`%${escapeLikeWildcards(filters.project)}%`);
     }
     if (filters?.source) {
         conditions.push('s.source = ?');
@@ -103,7 +104,7 @@ function searchWithFilters(db, filters) {
       ORDER BY s.start_time DESC
       LIMIT ?
     `;
-        params.unshift(`%${filters.file}%`);
+        params.unshift(`%${escapeLikeWildcards(filters.file)}%`);
         params.push(MAX_RESULTS);
     }
     else {

package/dist/server.js

@@ -5,7 +5,7 @@ import { existsSync, readFileSync, writeFileSync, mkdirSync, unlinkSync } from '
 import { execFileSync } from 'node:child_process';
 import { fileURLToPath } from 'node:url';
 import { homedir } from 'node:os';
-import { getDatabase } from './db.js';
+import { getDatabase, closeDatabase } from './db.js';
 import { syncWithTracking, startFileWatcher, startCursorPolling, markSyncPending } from './sync.js';
 import { createRouteContext, createProjectsRouter, createEnhanceRouter, createPublishRouter, createSearchRouter, createSessionsRouter, createArchiveRouter, createAuthRouter, createSettingsRouter, createExportRouter, createPreviewRouter, createDashboardRouter, } from './routes/index.js';
 const __dirname = path.dirname(fileURLToPath(import.meta.url));
@@ -77,13 +77,16 @@ export function createApp(sessionsBasePath, dbPath) {
         }
         next();
     });
-    app.use(cors({ origin: ['http://localhost:17845', 'http://127.0.0.1:17845', 'http://localhost:5173'] }));
+    const corsOrigins = ['http://localhost:17845', 'http://127.0.0.1:17845'];
+    if (process.env.NODE_ENV !== 'production')
+        corsOrigins.push('http://localhost:5173');
+    app.use(cors({ origin: corsOrigins }));
     app.use((_req, res, next) => {
         res.setHeader('X-Content-Type-Options', 'nosniff');
         res.setHeader('X-Frame-Options', 'DENY');
         next();
     });
-    app.use(express.json({ limit: '50mb' }));
+    app.use(express.json({ limit: '10mb' }));
     // ── Mount domain routers ───────────────────────────────────
     app.use(createProjectsRouter(ctx));
     app.use(createEnhanceRouter(ctx));
@@ -108,11 +111,11 @@ export function createApp(sessionsBasePath, dbPath) {
     const staticDir = existsSync(prodDir) ? prodDir : devDir;
     app.use(express.static(staticDir));
     // SPA fallback -- serve index.html for non-API routes
-    const indexPath = path.join(staticDir, 'index.html');
+    // Express 5 requires { root } option for sendFile (absolute paths fail silently)
     app.get('/{*splat}', (_req, res) => {
-        res.sendFile(indexPath, (err) => {
+        res.sendFile('index.html', { root: staticDir }, (err) => {
             if (err && !res.headersSent) {
-                console.error(`[spa] sendFile failed for ${indexPath}:`, err.message);
+                console.error(`[spa] sendFile failed for ${staticDir}/index.html:`, err.message);
                 res.status(404).send('Page not found');
             }
         });
@@ -146,11 +149,12 @@ export function startServer(port = 17845, options) {
                 server.on('close', () => {
                     stopFileWatcher();
                     stopCursorPolling();
+                    closeDatabase();
                     removeServerPidFile();
                 });
             }
             else {
-                server.on('close', () => { removeServerPidFile(); });
+                server.on('close', () => { closeDatabase(); removeServerPidFile(); });
             }
             resolve(server);
         });

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "heyiam",
-  "version": "0.2.19",
+  "version": "0.2.20",
   "description": "Turn AI coding sessions into portfolio case studies",
   "type": "module",
   "license": "MIT",