heyiam 0.3.7 → 0.3.9

package/dist/public/index.html

@@ -5,7 +5,7 @@
     <link rel="icon" type="image/svg+xml" href="/favicon.svg" />
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
     <title>app</title>
-    <script type="module" crossorigin src="/assets/index-BDh4ne9u.js"></script>
+    <script type="module" crossorigin src="/assets/index-LQHTU1Wz.js"></script>
     <link rel="stylesheet" crossorigin href="/assets/index-ByoBtx7P.css">
   </head>
   <body>

package/dist/render/build-render-data.js

@@ -105,5 +105,6 @@ export function buildProjectRenderData(opts) {
         allSessions: opts.allSessionCards,
         sessionBaseUrl: opts.sessionBaseUrl,
         sessionSuffix: opts.sessionSuffix,
+        ...(opts.hideSessionDates ? { hideSessionDates: true } : {}),
     };
 }

package/dist/render/liquid.js

@@ -110,7 +110,20 @@ export function renderProject(data, extras, templateName) {
         const slug = typeof existingSlug === 'string' && existingSlug !== ''
             ? existingSlug
             : (slugByToken.get(id) ?? '');
-        return { ...rest, slug, rawLog: [] };
+        const merged = { ...rest, slug, rawLog: [] };
+        // When dates are hidden, strip every timestamp from the session so
+        // nothing leaks through the page source. The chart and overlay treat
+        // a missing `date` as "ordinal mode" — no axis labels, no gap markers.
+        if (data.hideSessionDates) {
+            delete merged.date;
+            delete merged.endTime;
+            const children = merged.children;
+            if (Array.isArray(children)) {
+                for (const c of children)
+                    delete c.date;
+            }
+        }
+        return merged;
     });
     // Encode JSON safe for single-quoted HTML attributes
     const sessionsJson = JSON.stringify(chartSessions).replace(/'/g, ''');

package/dist/render/templates/bauhaus/project.liquid

@@ -218,7 +218,7 @@
           <tr>
             <th scope="col">#</th>
             <th scope="col">Session</th>
-            <th scope="col">Date</th>
+            {% unless hideSessionDates %}<th scope="col">Date</th>{% endunless %}
             <th scope="col">Duration</th>
             <th scope="col">LOC</th>
             <th scope="col">Source</th>
@@ -230,7 +230,7 @@
           <tr>
             <td><span class="session-num">{{ forloop.index }}</span></td>
             <td><a href="{{ sessionBaseUrl }}/{{ s.slug }}{{ sessionSuffix }}" class="session-title-link">{{ s.title }}</a></td>
-            <td>{{ s.recordedAt | formatDateShort }}</td>
+            {% unless hideSessionDates %}<td>{{ s.recordedAt | formatDateShort }}</td>{% endunless %}
             <td>{{ s.durationMinutes | formatDuration }}</td>
             <td>{{ s.locChanged | localeNumber }}</td>
             <td>{% if s.sourceTool %}<span class="session-source-badge badge-{{ s.sourceTool | downcase | replace: ' ', '-' }}">{{ s.sourceTool }}</span>{% endif %}</td>

package/dist/render/templates/editorial/project.liquid

@@ -90,7 +90,7 @@
   {% if sessionsJson %}
   <section class="ed-card-section" aria-label="Agent work timeline">
     <h2 class="ed-section-title">Work Timeline</h2>
-    <div data-work-timeline data-sessions='{{ sessionsJson | raw }}'></div>
+    <div data-work-timeline data-sessions='{{ sessionsJson | raw }}'{% if hideSessionDates %} data-hide-dates="1"{% endif %}></div>
   </section>
   {% endif %}
 

package/dist/render/templates/glacier/project.liquid

@@ -131,7 +131,7 @@
             {% assign labelY = barY | minus: 7 %}
             <rect x="{{ barX }}" y="{{ barY }}" width="{{ barWidth }}" height="{{ barH }}" class="chart-bar" aria-label="{{ s.title }}: {{ s.locChanged }} LOC"/>
             <text x="{{ labelX }}" y="{{ labelY }}" class="chart-value" text-anchor="middle">{{ s.locChanged }}</text>
-            <text x="{{ labelX }}" y="180" class="chart-label" text-anchor="middle">{{ s.recordedAt | formatDateShort }}</text>
+            <text x="{{ labelX }}" y="180" class="chart-label" text-anchor="middle">{% if hideSessionDates %}#{{ forloop.index }}{% else %}{{ s.recordedAt | formatDateShort }}{% endif %}</text>
           {% endfor %}
         </svg>
       </div>
@@ -223,7 +223,7 @@
             <tr>
               <th scope="col">#</th>
               <th scope="col">Title</th>
-              <th scope="col">Date</th>
+              {% unless hideSessionDates %}<th scope="col">Date</th>{% endunless %}
               <th scope="col">Duration</th>
               <th scope="col">LOC</th>
               <th scope="col">Source</th>
@@ -235,7 +235,7 @@
             <tr>
               <td>{{ forloop.index }}</td>
               <td><a href="{{ sessionBaseUrl }}/{{ s.slug }}{{ sessionSuffix }}" class="session-title-link">{{ s.title }}</a></td>
-              <td>{{ s.recordedAt | formatDateShort }}</td>
+              {% unless hideSessionDates %}<td>{{ s.recordedAt | formatDateShort }}</td>{% endunless %}
               <td>{{ s.durationMinutes | formatDuration }}</td>
               <td>{{ s.locChanged | localeNumber }}</td>
               <td>{% if s.sourceTool %}<span class="session-source-badge">{{ s.sourceTool }}</span>{% endif %}</td>

package/dist/render/templates/kinetic/project.liquid

@@ -107,7 +107,7 @@
     <div class="section-tag">Agent work</div>
     <h2 class="section-title">Work timeline</h2>
     <div class="timeline-container">
-      <div data-work-timeline data-sessions='{{ sessionsJson | raw }}'></div>
+      <div data-work-timeline data-sessions='{{ sessionsJson | raw }}'{% if hideSessionDates %} data-hide-dates="1"{% endif %}></div>
     </div>
   </section>
   {% endif %}

package/dist/render/templates/minimal/project.liquid

@@ -55,7 +55,7 @@
     {% if sessionsJson %}
     <div class="mn-section">
       <h2 class="mn-section-heading">Work Timeline</h2>
-      <div data-work-timeline data-sessions='{{ sessionsJson | raw }}'></div>
+      <div data-work-timeline data-sessions='{{ sessionsJson | raw }}'{% if hideSessionDates %} data-hide-dates="1"{% endif %}></div>
     </div>
     <hr class="mn-rule" />
     {% endif %}

package/dist/render/templates/paper/project.liquid

@@ -100,7 +100,7 @@
             <tr>
               <th scope="col">#</th>
               <th scope="col">Title</th>
-              <th scope="col">Date</th>
+              {% unless hideSessionDates %}<th scope="col">Date</th>{% endunless %}
               <th scope="col" class="text-right">Duration</th>
               <th scope="col" class="text-right">LOC</th>
               <th scope="col">Source</th>
@@ -114,7 +114,7 @@
             <tr>
               <td>{{ forloop.index }}</td>
               <td>{{ s.title }}</td>
-              <td>{{ s.recordedAt | formatDateShort }}</td>
+              {% unless hideSessionDates %}<td>{{ s.recordedAt | formatDateShort }}</td>{% endunless %}
               <td class="text-right">{{ s.durationMinutes | formatDuration }}</td>
               <td class="text-right">{{ s.locChanged | localeNumber }}</td>
               <td>{{ s.sourceTool }}</td>

package/dist/render/templates/partials/_work-timeline.liquid

@@ -3,5 +3,5 @@
     <h3 class="section-header__title">Work timeline</h3>
     <span class="section-header__meta">sessions over time</span>
   </div>
-  <div data-work-timeline data-sessions='{{ sessionsJson | raw }}'></div>
+  <div data-work-timeline data-sessions='{{ sessionsJson | raw }}'{% if hideSessionDates %} data-hide-dates="1"{% endif %}></div>
 </div>

package/dist/render/templates/project.liquid

@@ -94,7 +94,7 @@
       <h3 class="section-header__title">Work timeline</h3>
       <span class="section-header__meta">sessions over time</span>
     </div>
-    <div data-work-timeline data-sessions='{{ sessionsJson | raw }}'></div>
+    <div data-work-timeline data-sessions='{{ sessionsJson | raw }}'{% if hideSessionDates %} data-hide-dates="1"{% endif %}></div>
   </div>
 
   {%- comment -%} Growth Chart mount point {%- endcomment -%}

package/dist/render/templates/radar/project.liquid

@@ -103,7 +103,7 @@
   <section class="radar-section" aria-label="Work timeline">
     <div class="radar-label">Work Timeline</div>
     <div class="chart-card">
-      <div data-work-timeline data-sessions='{{ sessionsJson | raw }}'></div>
+      <div data-work-timeline data-sessions='{{ sessionsJson | raw }}'{% if hideSessionDates %} data-hide-dates="1"{% endif %}></div>
     </div>
   </section>
   {% endif %}

package/dist/render/templates/showcase/project.liquid

@@ -90,7 +90,7 @@
             <h3>Work Timeline</h3>
             <span class="sc-section-label">sessions over time</span>
           </div>
-          <div data-work-timeline data-sessions='{{ sessionsJson | raw }}'></div>
+          <div data-work-timeline data-sessions='{{ sessionsJson | raw }}'{% if hideSessionDates %} data-hide-dates="1"{% endif %}></div>
         </div>
       </section>
 

package/dist/render/templates/terminal/project.liquid

@@ -69,7 +69,7 @@
   {% if sessionsJson %}
   <div class="term-section">
     <div class="term-comment"># work timeline</div>
-    <div data-work-timeline data-sessions='{{ sessionsJson | raw }}'></div>
+    <div data-work-timeline data-sessions='{{ sessionsJson | raw }}'{% if hideSessionDates %} data-hide-dates="1"{% endif %}></div>
   </div>
   {% endif %}
 

package/dist/routes/context.js

@@ -9,8 +9,8 @@ import { bridgeToAnalyzer, mergeActiveIntervals, sumIntervalMs } from '../bridge
 import { analyzeSession } from '../analyzer.js';
 import { loadEnhancedData, loadProjectEnhanceResult, getUploadedState, } from '../settings.js';
 import { getTemplateCss } from '../render/templates.js';
-import { archiveSessionFiles } from '../archive.js';
-import { getDatabase, openDatabase, getSessionStats as dbGetSessionStats, getSessionCount, getAllSessionMetas, getAllProjectStats, getSessionsByProject, getProjectUuid, } from '../db.js';
+import { archiveSessionFiles, findReadableSessionPath } from '../archive.js';
+import { getDatabase, openDatabase, getSessionStats as dbGetSessionStats, getSessionCount, getAllSessionMetas, getAllProjectStats, getSessionsByProject, getProjectUuid, getSessionRow, updateSessionPath, } from '../db.js';
 import { ensureSessionIndexed, displayNameFromDir } from '../sync.js';
 export { displayNameFromDir };
 const __dirname = path.dirname(fileURLToPath(import.meta.url));
@@ -298,11 +298,34 @@ export function createRouteContext(sessionsBasePath, dbPath) {
         };
     }
     async function loadSession(sessionPath, projectName, sessionId) {
-        const parsed = await parseSession(sessionPath);
+        const readablePath = await resolveSessionReadPath(sessionPath, sessionId);
+        const parsed = await parseSession(readablePath);
         const analyzerInput = bridgeToAnalyzer(parsed, { sessionId, projectName });
         const session = analyzeSession(analyzerInput);
         return mergeEnhancedData(session);
     }
+    /**
+     * Returns a path to a readable session file. If the originally-indexed
+     * path still exists, returns it unchanged. Otherwise falls back to the
+     * archive copy and heals the DB cache so future reads skip the lookup.
+     *
+     * This compensates for source tools (notably Claude Code's 30-day
+     * cleanup) deleting session files after we've indexed them.
+     */
+    async function resolveSessionReadPath(originalPath, sessionId) {
+        const row = getSessionRow(db, sessionId);
+        const projectDir = row?.project_dir;
+        if (!projectDir)
+            return originalPath;
+        const readable = await findReadableSessionPath(originalPath, projectDir);
+        if (!readable)
+            return originalPath;
+        if (readable !== originalPath) {
+            updateSessionPath(db, sessionId, readable);
+            console.log(`[loadSession] Healed stale path for ${sessionId} → archive copy`);
+        }
+        return readable;
+    }
     // ── getSessionStats ──────────────────────────────────────
     async function getSessionStats(meta, projectName) {
         try {

package/dist/routes/enhance.js

@@ -5,7 +5,7 @@ import { enhanceProject, refineNarrative } from '../llm/project-enhance.js';
 import { getAnthropicApiKey, saveEnhancedData, loadEnhancedData, deleteEnhancedData, loadFreshProjectEnhanceResult, saveProjectEnhanceResult, loadProjectEnhanceResult, buildProjectFingerprint, getUploadedState, } from '../settings.js';
 import { requireProject } from './context.js';
 import { startSSE } from './sse.js';
-import { invalidatePortfolioPreviewCache } from './preview.js';
+import { invalidatePortfolioPreviewCache, invalidateProjectPreviewCache } from './preview.js';
 export function createEnhanceRouter(ctx) {
     const router = Router();
     // Triage endpoint -- AI selects which sessions are worth showcasing (SSE stream)
@@ -259,7 +259,11 @@ export function createEnhanceRouter(ctx) {
     // Save project enhance result explicitly
     router.post('/api/projects/:project/enhance-save', async (req, res) => {
         const project = String(req.params.project);
-        const { selectedSessionIds, result, title, repoUrl, projectUrl, screenshotBase64 } = req.body;
+        // FIXME(security): screenshotBase64 is accepted with no size cap and no
+        // `data:image/(png|jpeg|jpg|webp);base64,...` shape check. Local-only CLI
+        // so not a privilege issue today, but worth a regex + ~4 MB cap for
+        // defense-in-depth and to keep the cache JSON from ballooning.
+        const { selectedSessionIds, result, title, repoUrl, projectUrl, screenshotBase64, hideSessionDates } = req.body;
         if (!Array.isArray(selectedSessionIds) || !result?.narrative) {
             res.status(400).json({ error: { code: 'INVALID_INPUT', message: 'selectedSessionIds and result are required' } });
             return;
@@ -272,9 +276,12 @@ export function createEnhanceRouter(ctx) {
             const proj = await requireProject(ctx, project, res);
             if (!proj)
                 return;
-            saveProjectEnhanceResult(proj.dirName, selectedSessionIds, result, undefined, { title, repoUrl, projectUrl, screenshotBase64 });
+            saveProjectEnhanceResult(proj.dirName, selectedSessionIds, result, undefined, { title, repoUrl, projectUrl, screenshotBase64, hideSessionDates });
             // Project title/narrative/skills appear in portfolio listing — bust cache.
             invalidatePortfolioPreviewCache();
+            // Per-project render cache is keyed by the URL param the client passed.
+            invalidateProjectPreviewCache(project);
+            invalidateProjectPreviewCache(proj.dirName);
             res.json({ saved: true, enhancedAt: new Date().toISOString() });
         }
         catch (err) {

package/dist/routes/preview.js

@@ -54,6 +54,15 @@ function portfolioCacheKey(templateName) {
 export function invalidatePortfolioPreviewCache() {
     portfolioPreviewCache.clear();
 }
+/**
+ * Drop the per-project render-data cache for `projectParam`. Call after any
+ * mutation that affects the rendered project page (title, URLs, narrative,
+ * screenshot, skills, timeline). Without this, the 30s TTL on
+ * previewDataCache masks the change in the React UI.
+ */
+export function invalidateProjectPreviewCache(projectParam) {
+    previewDataCache.delete(projectParam);
+}
 /** Test helper: read current cache entry without mutating. */
 export function _getPortfolioPreviewCacheEntry(templateName = 'editorial') {
     return portfolioPreviewCache.get(portfolioCacheKey(templateName));
@@ -177,6 +186,12 @@ async function buildProjectPreviewData(ctx, projectParam, queryOverrides) {
         repoUrl: metaRepoUrl,
         projectUrl: metaProjectUrl,
         screenshotUrl: (() => {
+            // Manual uploads land only in the enhance-cache JSON (no disk write),
+            // so check the cache first — mirrors export.ts:resolveScreenshotDataUri.
+            const b64 = cachedAny?.screenshotBase64;
+            if (b64) {
+                return b64.startsWith('data:') ? b64 : `data:image/png;base64,${b64}`;
+            }
             return existsSync(path.join(SCREENSHOTS_DIR, `${slug}.png`))
                 ? `/screenshots/${slug}.png`
                 : undefined;
@@ -193,6 +208,7 @@ async function buildProjectPreviewData(ctx, projectParam, queryOverrides) {
         allSessionCards,
         sessionBaseUrl: `/preview/project/${encodeURIComponent(projectParam)}/session`,
         sessionSuffix: '.html',
+        hideSessionDates: cachedAny?.hideSessionDates,
     });
     const result = { renderData, enhanceResult, projName: projAny.name };
     // Cache the result (template-agnostic data, re-rendered cheaply per template)

package/dist/routes/projects.js

@@ -217,7 +217,14 @@ export function createProjectsRouter(ctx) {
                 res.status(400).json({ error: { code: 'NO_CACHE', message: 'Project must be enhanced before managing sessions' } });
                 return;
             }
-            saveProjectEnhanceResult(proj.dirName, selectedSessionIds, cache.result, undefined, { title: cache.title, repoUrl: cache.repoUrl, projectUrl: cache.projectUrl, screenshotBase64: cache.screenshotBase64 });
+            saveProjectEnhanceResult(proj.dirName, selectedSessionIds, cache.result, undefined, {
+                title: cache.title,
+                repoUrl: cache.repoUrl,
+                projectUrl: cache.projectUrl,
+                screenshotBase64: cache.screenshotBase64,
+                template: cache.template,
+                hideSessionDates: cache.hideSessionDates,
+            });
             invalidatePortfolioPreviewCache();
             res.json({ ok: true, selectedSessionIds });
         }

package/dist/routes/publish.js

@@ -55,7 +55,7 @@ export function createPublishRouter(ctx) {
     // Render project preview HTML
     router.post('/api/projects/:project/render-preview', async (req, res) => {
         try {
-            const { username, slug, title, narrative, repoUrl, projectUrl, screenshotUrl, timeline, skills, totalSessions, totalLoc, totalDurationMinutes, totalAgentDurationMinutes, totalFilesChanged, totalTokens, sessionCards, } = req.body;
+            const { username, slug, title, narrative, repoUrl, projectUrl, screenshotUrl, timeline, skills, totalSessions, totalLoc, totalDurationMinutes, totalAgentDurationMinutes, totalFilesChanged, totalTokens, sessionCards, hideSessionDates, } = req.body;
             const renderData = buildProjectRenderData({
                 username: username || 'preview',
                 slug, title, narrative,
@@ -69,6 +69,7 @@ export function createPublishRouter(ctx) {
                 totalFilesChanged: totalFilesChanged || 0,
                 totalTokens,
                 sessionCards: sessionCards || [],
+                hideSessionDates,
             });
             const templateName = getDefaultTemplate() || 'editorial';
             const html = renderProjectHtml(renderData, undefined, templateName);
@@ -181,6 +182,11 @@ export function createPublishRouter(ctx) {
                         send({ type: 'screenshot', status: 'capturing' });
                         const raw = screenshotBase64.includes(',') ? screenshotBase64.split(',')[1] : screenshotBase64;
                         imageBuffer = Buffer.from(raw, 'base64');
+                        // FIXME(security): ext detection only handles png/jpg, so an SVG
+                        // (allowed by the file picker's `accept="image/*"`) gets uploaded
+                        // to S3 with `Content-Type: image/png` while the bytes are SVG.
+                        // CSP on heyi.am mitigates script execution, but reject SVG here
+                        // (or convert it) instead of relying on downstream defenses.
                         ext = screenshotBase64.startsWith('data:image/jpeg') || screenshotBase64.startsWith('data:image/jpg') ? 'jpg' : 'png';
                     }
                     else if (projectUrl) {

package/dist/settings.js

@@ -163,6 +163,8 @@ export function saveProjectEnhanceResult(projectDirName, selectedSessionIds, res
         ...(extras?.repoUrl ? { repoUrl: extras.repoUrl } : {}),
         ...(extras?.projectUrl ? { projectUrl: extras.projectUrl } : {}),
         ...(extras?.screenshotBase64 ? { screenshotBase64: extras.screenshotBase64 } : {}),
+        ...(extras?.template ? { template: extras.template } : {}),
+        ...(extras?.hideSessionDates ? { hideSessionDates: true } : {}),
         result,
     };
     writeFileSync(projectEnhancePath(projectDirName, configDir), JSON.stringify(cache, null, 2), { mode: 0o600 });

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "heyiam",
-  "version": "0.3.7",
+  "version": "0.3.9",
   "description": "Turn AI coding sessions into portfolio case studies",
   "type": "module",
   "license": "MIT",