hotsheet 0.8.0 → 0.10.0

package/dist/cli.js

@@ -315,7 +315,7 @@ async function getDashboardStats(days) {
     ticket_number: r.ticket_number,
     title: r.title,
     completed_at: r.completed_at,
-    days: Math.max(0, Math.round((new Date(r.completed_at).getTime() - new Date(r.created_at).getTime()) / 864e5))
+    hours: Math.max(0, (new Date(r.completed_at).getTime() - new Date(r.created_at).getTime()) / 36e5)
   }));
   const catResult = await db2.query(
     `SELECT category, COUNT(*) as count FROM tickets
@@ -356,8 +356,8 @@ async function getDashboardStats(days) {
     `SELECT COUNT(*) as count FROM tickets WHERE created_at >= $1`,
     [weekStart.toISOString()]
   );
-  const cycleDays = cycleTime.map((c) => c.days).sort((a, b) => a - b);
-  const medianCycleTimeDays = cycleDays.length > 0 ? cycleDays[Math.floor(cycleDays.length / 2)] : null;
+  const cycleHours = cycleTime.map((c) => c.hours).sort((a, b) => a - b);
+  const medianCycleTimeDays = cycleHours.length > 0 ? Math.round(cycleHours[Math.floor(cycleHours.length / 2)] / 24) : null;
   return {
     throughput,
     cycleTime,
@@ -450,16 +450,16 @@ __export(channel_config_exports, {
   triggerChannel: () => triggerChannel,
   unregisterChannel: () => unregisterChannel
 });
-import { existsSync as existsSync6, readFileSync as readFileSync6, writeFileSync as writeFileSync6 } from "fs";
-import { dirname, join as join8, resolve as resolve2 } from "path";
+import { existsSync as existsSync6, readFileSync as readFileSync5, writeFileSync as writeFileSync5 } from "fs";
+import { dirname, join as join8, resolve as resolve3 } from "path";
 import { fileURLToPath } from "url";
 function getChannelServerPath() {
   const thisDir = dirname(fileURLToPath(import.meta.url));
-  const distPath = resolve2(thisDir, "channel.js");
+  const distPath = resolve3(thisDir, "channel.js");
   if (existsSync6(distPath)) {
     return { command: "node", args: [distPath] };
   }
-  const srcPath = resolve2(thisDir, "channel.ts");
+  const srcPath = resolve3(thisDir, "channel.ts");
   if (existsSync6(srcPath)) {
     return { command: "npx", args: ["tsx", srcPath] };
   }
@@ -472,7 +472,7 @@ function registerChannel(dataDir2) {
   let config = {};
   if (existsSync6(mcpPath)) {
     try {
-      config = JSON.parse(readFileSync6(mcpPath, "utf-8"));
+      config = JSON.parse(readFileSync5(mcpPath, "utf-8"));
     } catch {
     }
   }
@@ -481,24 +481,24 @@ function registerChannel(dataDir2) {
     command,
     args: [...args, "--data-dir", dataDir2]
   };
-  writeFileSync6(mcpPath, JSON.stringify(config, null, 2) + "\n", "utf-8");
+  writeFileSync5(mcpPath, JSON.stringify(config, null, 2) + "\n", "utf-8");
 }
 function unregisterChannel() {
   const cwd = process.cwd();
   const mcpPath = join8(cwd, ".mcp.json");
   if (!existsSync6(mcpPath)) return;
   try {
-    const config = JSON.parse(readFileSync6(mcpPath, "utf-8"));
+    const config = JSON.parse(readFileSync5(mcpPath, "utf-8"));
     if (config.mcpServers?.[MCP_SERVER_KEY]) {
       delete config.mcpServers[MCP_SERVER_KEY];
-      writeFileSync6(mcpPath, JSON.stringify(config, null, 2) + "\n", "utf-8");
+      writeFileSync5(mcpPath, JSON.stringify(config, null, 2) + "\n", "utf-8");
     }
   } catch {
   }
 }
 function getChannelPort(dataDir2) {
   try {
-    const portStr = readFileSync6(join8(dataDir2, "channel-port"), "utf-8").trim();
+    const portStr = readFileSync5(join8(dataDir2, "channel-port"), "utf-8").trim();
     const port2 = parseInt(portStr, 10);
     return isNaN(port2) ? null : port2;
   } catch {
@@ -552,7 +552,7 @@ var init_channel_config = __esm({
 // src/cli.ts
 import { mkdirSync as mkdirSync6 } from "fs";
 import { tmpdir } from "os";
-import { join as join12, resolve as resolve3 } from "path";
+import { join as join13, resolve as resolve4 } from "path";
 
 // src/backup.ts
 init_connection();
@@ -751,76 +751,10 @@ function initBackupScheduler(dataDir2) {
 // src/cleanup.ts
 import { rmSync as rmSync3 } from "fs";
 
-// src/types.ts
-var DEFAULT_CATEGORIES = [
-  { id: "issue", label: "Issue", shortLabel: "ISS", color: "#6b7280", shortcutKey: "i", description: "General issues that need attention" },
-  { id: "bug", label: "Bug", shortLabel: "BUG", color: "#ef4444", shortcutKey: "b", description: "Bugs that should be fixed in the codebase" },
-  { id: "feature", label: "Feature", shortLabel: "FEA", color: "#22c55e", shortcutKey: "f", description: "New features to be implemented" },
-  { id: "requirement_change", label: "Req Change", shortLabel: "REQ", color: "#f97316", shortcutKey: "r", description: "Changes to existing requirements" },
-  { id: "task", label: "Task", shortLabel: "TSK", color: "#3b82f6", shortcutKey: "k", description: "General tasks to complete" },
-  { id: "investigation", label: "Investigation", shortLabel: "INV", color: "#8b5cf6", shortcutKey: "g", description: "Items requiring research or analysis" }
-];
-var CATEGORY_PRESETS = [
-  {
-    id: "software",
-    name: "Software Development",
-    categories: DEFAULT_CATEGORIES
-  },
-  {
-    id: "design",
-    name: "Design / Creative",
-    categories: [
-      { id: "concept", label: "Concept", shortLabel: "CON", color: "#8b5cf6", shortcutKey: "c", description: "Design concepts and explorations" },
-      { id: "revision", label: "Revision", shortLabel: "REV", color: "#f97316", shortcutKey: "r", description: "Revisions to existing designs" },
-      { id: "feedback", label: "Feedback", shortLabel: "FDB", color: "#3b82f6", shortcutKey: "f", description: "Client or stakeholder feedback to address" },
-      { id: "asset", label: "Asset", shortLabel: "AST", color: "#22c55e", shortcutKey: "a", description: "Assets to produce or deliver" },
-      { id: "research", label: "Research", shortLabel: "RSC", color: "#6b7280", shortcutKey: "s", description: "User research or competitive analysis" },
-      { id: "bug", label: "Bug", shortLabel: "BUG", color: "#ef4444", shortcutKey: "b", description: "Visual or UI bugs" }
-    ]
-  },
-  {
-    id: "product",
-    name: "Product Management",
-    categories: [
-      { id: "epic", label: "Epic", shortLabel: "EPC", color: "#8b5cf6", shortcutKey: "e", description: "Large initiatives spanning multiple stories" },
-      { id: "story", label: "Story", shortLabel: "STY", color: "#3b82f6", shortcutKey: "s", description: "User stories describing desired functionality" },
-      { id: "bug", label: "Bug", shortLabel: "BUG", color: "#ef4444", shortcutKey: "b", description: "Bugs that need to be fixed" },
-      { id: "task", label: "Task", shortLabel: "TSK", color: "#22c55e", shortcutKey: "t", description: "Tasks to complete" },
-      { id: "spike", label: "Spike", shortLabel: "SPK", color: "#f97316", shortcutKey: "k", description: "Research or investigation spikes" },
-      { id: "debt", label: "Tech Debt", shortLabel: "DBT", color: "#6b7280", shortcutKey: "d", description: "Technical debt to address" }
-    ]
-  },
-  {
-    id: "marketing",
-    name: "Marketing",
-    categories: [
-      { id: "campaign", label: "Campaign", shortLabel: "CMP", color: "#8b5cf6", shortcutKey: "c", description: "Marketing campaigns" },
-      { id: "content", label: "Content", shortLabel: "CNT", color: "#3b82f6", shortcutKey: "n", description: "Content to create or publish" },
-      { id: "design", label: "Design", shortLabel: "DES", color: "#22c55e", shortcutKey: "d", description: "Design requests and assets" },
-      { id: "analytics", label: "Analytics", shortLabel: "ANL", color: "#f97316", shortcutKey: "a", description: "Analytics and reporting tasks" },
-      { id: "outreach", label: "Outreach", shortLabel: "OUT", color: "#6b7280", shortcutKey: "o", description: "Outreach and partnership activities" },
-      { id: "event", label: "Event", shortLabel: "EVT", color: "#ef4444", shortcutKey: "e", description: "Events to plan or manage" }
-    ]
-  },
-  {
-    id: "personal",
-    name: "Personal",
-    categories: [
-      { id: "task", label: "Task", shortLabel: "TSK", color: "#3b82f6", shortcutKey: "t", description: "Things to do" },
-      { id: "idea", label: "Idea", shortLabel: "IDA", color: "#22c55e", shortcutKey: "i", description: "Ideas to explore" },
-      { id: "note", label: "Note", shortLabel: "NTE", color: "#6b7280", shortcutKey: "n", description: "Notes and references" },
-      { id: "errand", label: "Errand", shortLabel: "ERR", color: "#f97316", shortcutKey: "e", description: "Errands and appointments" },
-      { id: "project", label: "Project", shortLabel: "PRJ", color: "#8b5cf6", shortcutKey: "p", description: "Larger projects" },
-      { id: "urgent", label: "Urgent", shortLabel: "URG", color: "#ef4444", shortcutKey: "u", description: "Urgent items" }
-    ]
-  }
-];
-var CATEGORIES = DEFAULT_CATEGORIES.map((c) => ({ value: c.id, label: c.label, color: c.color }));
-var CATEGORY_DESCRIPTIONS = Object.fromEntries(
-  DEFAULT_CATEGORIES.map((c) => [c.id, c.description])
-);
+// src/db/tickets.ts
+init_connection();
 
-// src/db/queries.ts
+// src/db/notes.ts
 init_connection();
 var noteCounter = 0;
 function generateNoteId() {
@@ -863,6 +797,8 @@ async function deleteNote(ticketId, noteId2) {
   await db2.query(`UPDATE tickets SET notes = $1, updated_at = NOW() WHERE id = $2`, [JSON.stringify(notes), ticketId]);
   return notes;
 }
+
+// src/db/tickets.ts
 async function nextTicketNumber() {
   const db2 = await getDb();
   const result = await db2.query("SELECT nextval('ticket_seq')");
@@ -1074,38 +1010,6 @@ async function toggleUpNext(id) {
   );
   return result.rows[0] ?? null;
 }
-async function addAttachment(ticketId, originalFilename, storedPath) {
-  const db2 = await getDb();
-  const result = await db2.query(
-    `INSERT INTO attachments (ticket_id, original_filename, stored_path) VALUES ($1, $2, $3) RETURNING *`,
-    [ticketId, originalFilename, storedPath]
-  );
-  return result.rows[0];
-}
-async function getAttachments(ticketId) {
-  const db2 = await getDb();
-  const result = await db2.query(
-    `SELECT * FROM attachments WHERE ticket_id = $1 ORDER BY created_at ASC`,
-    [ticketId]
-  );
-  return result.rows;
-}
-async function getAttachment(id) {
-  const db2 = await getDb();
-  const result = await db2.query(
-    `SELECT * FROM attachments WHERE id = $1`,
-    [id]
-  );
-  return result.rows[0] ?? null;
-}
-async function deleteAttachment(id) {
-  const db2 = await getDb();
-  const result = await db2.query(
-    `DELETE FROM attachments WHERE id = $1 RETURNING *`,
-    [id]
-  );
-  return result.rows[0] ?? null;
-}
 async function getTicketsForCleanup(verifiedDays = 30, trashDays = 3) {
   const db2 = await getDb();
   const result = await db2.query(`
@@ -1210,69 +1114,6 @@ async function queryTickets(logic, conditions, sortBy, sortDir, requiredTag) {
   );
   return result.rows;
 }
-function normalizeTag(input) {
-  return input.replace(/[^a-zA-Z0-9]+/g, " ").trim().toLowerCase();
-}
-function extractBracketTags(input) {
-  const tags = [];
-  const cleaned = input.replace(/\[([^\]]*)\]/g, (_match, content) => {
-    const tag = normalizeTag(content);
-    if (tag && !tags.includes(tag)) tags.push(tag);
-    return " ";
-  });
-  const title = cleaned.replace(/\s+/g, " ").trim();
-  return { title, tags };
-}
-async function getAllTags() {
-  const db2 = await getDb();
-  const result = await db2.query(`SELECT DISTINCT tags FROM tickets WHERE tags != '[]' AND status != 'deleted'`);
-  const tagSet = /* @__PURE__ */ new Set();
-  for (const row of result.rows) {
-    try {
-      const parsed = JSON.parse(row.tags);
-      if (Array.isArray(parsed)) {
-        for (const tag of parsed) {
-          if (typeof tag === "string" && tag.trim()) {
-            const norm = normalizeTag(tag);
-            if (norm) tagSet.add(norm);
-          }
-        }
-      }
-    } catch {
-    }
-  }
-  return Array.from(tagSet).sort();
-}
-async function getCategories() {
-  const settings = await getSettings();
-  if (settings.categories) {
-    try {
-      const parsed = JSON.parse(settings.categories);
-      if (Array.isArray(parsed) && parsed.length > 0) return parsed;
-    } catch {
-    }
-  }
-  return DEFAULT_CATEGORIES;
-}
-async function saveCategories(categories) {
-  await updateSetting("categories", JSON.stringify(categories));
-}
-async function getSettings() {
-  const db2 = await getDb();
-  const result = await db2.query("SELECT key, value FROM settings");
-  const settings = {};
-  for (const row of result.rows) {
-    settings[row.key] = row.value;
-  }
-  return settings;
-}
-async function updateSetting(key, value) {
-  const db2 = await getDb();
-  await db2.query(
-    `INSERT INTO settings (key, value) VALUES ($1, $2) ON CONFLICT (key) DO UPDATE SET value = $2`,
-    [key, value]
-  );
-}
 async function restoreTicket(id) {
   return updateTicket(id, { status: "not_started" });
 }
@@ -1324,86 +1165,259 @@ async function getTicketStats() {
   };
 }
 
-// src/cleanup.ts
-async function cleanupAttachments() {
-  try {
-    const settings = await getSettings();
-    const verifiedDays = parseInt(settings.verified_cleanup_days, 10) || 30;
-    const trashDays = parseInt(settings.trash_cleanup_days, 10) || 3;
-    const tickets = await getTicketsForCleanup(verifiedDays, trashDays);
-    if (tickets.length === 0) return;
-    let cleaned = 0;
-    for (const ticket of tickets) {
-      const attachments = await getAttachments(ticket.id);
-      for (const att of attachments) {
-        try {
-          rmSync3(att.stored_path, { force: true });
-        } catch {
-        }
-      }
-      await hardDeleteTicket(ticket.id);
-      cleaned++;
-    }
-    if (cleaned > 0) {
-      console.log(`  Cleaned up ${cleaned} old ticket(s) and their attachments.`);
-    }
-  } catch (err) {
-    console.error("Attachment cleanup failed:", err);
-  }
-}
-
-// src/cli.ts
+// src/db/attachments.ts
 init_connection();
-init_file_settings();
-
-// src/lock.ts
-import { existsSync as existsSync3, readFileSync as readFileSync3, rmSync as rmSync4, writeFileSync as writeFileSync3 } from "fs";
-import { join as join4 } from "path";
-var lockPath = null;
-function acquireLock(dataDir2) {
-  lockPath = join4(dataDir2, "hotsheet.lock");
-  if (existsSync3(lockPath)) {
-    try {
-      const contents = JSON.parse(readFileSync3(lockPath, "utf-8"));
-      const pid = contents.pid;
-      try {
-        process.kill(pid, 0);
-        console.error(`
-  Error: Another Hot Sheet instance (PID ${pid}) is already using this data directory.`);
-        console.error(`  Directory: ${dataDir2}`);
-        console.error(`  Stop that instance first, or use --data-dir to point to a different location.
-`);
-        process.exit(1);
-      } catch {
-        console.log(`  Removing stale lock from PID ${pid}`);
-        rmSync4(lockPath, { force: true });
-      }
-    } catch {
-      rmSync4(lockPath, { force: true });
-    }
-  }
-  writeFileSync3(lockPath, JSON.stringify({ pid: process.pid, startedAt: (/* @__PURE__ */ new Date()).toISOString() }));
-  const cleanup = () => releaseLock();
-  process.on("exit", cleanup);
-  process.on("SIGINT", () => {
-    cleanup();
-    process.exit(0);
-  });
-  process.on("SIGTERM", () => {
-    cleanup();
-    process.exit(0);
-  });
+async function addAttachment(ticketId, originalFilename, storedPath) {
+  const db2 = await getDb();
+  const result = await db2.query(
+    `INSERT INTO attachments (ticket_id, original_filename, stored_path) VALUES ($1, $2, $3) RETURNING *`,
+    [ticketId, originalFilename, storedPath]
+  );
+  return result.rows[0];
 }
-function releaseLock() {
-  if (lockPath) {
-    try {
-      rmSync4(lockPath, { force: true });
-    } catch {
-    }
-    lockPath = null;
-  }
+async function getAttachments(ticketId) {
+  const db2 = await getDb();
+  const result = await db2.query(
+    `SELECT * FROM attachments WHERE ticket_id = $1 ORDER BY created_at ASC`,
+    [ticketId]
+  );
+  return result.rows;
 }
-
+async function getAttachment(id) {
+  const db2 = await getDb();
+  const result = await db2.query(
+    `SELECT * FROM attachments WHERE id = $1`,
+    [id]
+  );
+  return result.rows[0] ?? null;
+}
+async function deleteAttachment(id) {
+  const db2 = await getDb();
+  const result = await db2.query(
+    `DELETE FROM attachments WHERE id = $1 RETURNING *`,
+    [id]
+  );
+  return result.rows[0] ?? null;
+}
+
+// src/types.ts
+var DEFAULT_CATEGORIES = [
+  { id: "issue", label: "Issue", shortLabel: "ISS", color: "#6b7280", shortcutKey: "i", description: "General issues that need attention" },
+  { id: "bug", label: "Bug", shortLabel: "BUG", color: "#ef4444", shortcutKey: "b", description: "Bugs that should be fixed in the codebase" },
+  { id: "feature", label: "Feature", shortLabel: "FEA", color: "#22c55e", shortcutKey: "f", description: "New features to be implemented" },
+  { id: "requirement_change", label: "Req Change", shortLabel: "REQ", color: "#f97316", shortcutKey: "r", description: "Changes to existing requirements" },
+  { id: "task", label: "Task", shortLabel: "TSK", color: "#3b82f6", shortcutKey: "k", description: "General tasks to complete" },
+  { id: "investigation", label: "Investigation", shortLabel: "INV", color: "#8b5cf6", shortcutKey: "g", description: "Items requiring research or analysis" }
+];
+var CATEGORY_PRESETS = [
+  {
+    id: "software",
+    name: "Software Development",
+    categories: DEFAULT_CATEGORIES
+  },
+  {
+    id: "design",
+    name: "Design / Creative",
+    categories: [
+      { id: "concept", label: "Concept", shortLabel: "CON", color: "#8b5cf6", shortcutKey: "c", description: "Design concepts and explorations" },
+      { id: "revision", label: "Revision", shortLabel: "REV", color: "#f97316", shortcutKey: "r", description: "Revisions to existing designs" },
+      { id: "feedback", label: "Feedback", shortLabel: "FDB", color: "#3b82f6", shortcutKey: "f", description: "Client or stakeholder feedback to address" },
+      { id: "asset", label: "Asset", shortLabel: "AST", color: "#22c55e", shortcutKey: "a", description: "Assets to produce or deliver" },
+      { id: "research", label: "Research", shortLabel: "RSC", color: "#6b7280", shortcutKey: "s", description: "User research or competitive analysis" },
+      { id: "bug", label: "Bug", shortLabel: "BUG", color: "#ef4444", shortcutKey: "b", description: "Visual or UI bugs" }
+    ]
+  },
+  {
+    id: "product",
+    name: "Product Management",
+    categories: [
+      { id: "epic", label: "Epic", shortLabel: "EPC", color: "#8b5cf6", shortcutKey: "e", description: "Large initiatives spanning multiple stories" },
+      { id: "story", label: "Story", shortLabel: "STY", color: "#3b82f6", shortcutKey: "s", description: "User stories describing desired functionality" },
+      { id: "bug", label: "Bug", shortLabel: "BUG", color: "#ef4444", shortcutKey: "b", description: "Bugs that need to be fixed" },
+      { id: "task", label: "Task", shortLabel: "TSK", color: "#22c55e", shortcutKey: "t", description: "Tasks to complete" },
+      { id: "spike", label: "Spike", shortLabel: "SPK", color: "#f97316", shortcutKey: "k", description: "Research or investigation spikes" },
+      { id: "debt", label: "Tech Debt", shortLabel: "DBT", color: "#6b7280", shortcutKey: "d", description: "Technical debt to address" }
+    ]
+  },
+  {
+    id: "marketing",
+    name: "Marketing",
+    categories: [
+      { id: "campaign", label: "Campaign", shortLabel: "CMP", color: "#8b5cf6", shortcutKey: "c", description: "Marketing campaigns" },
+      { id: "content", label: "Content", shortLabel: "CNT", color: "#3b82f6", shortcutKey: "n", description: "Content to create or publish" },
+      { id: "design", label: "Design", shortLabel: "DES", color: "#22c55e", shortcutKey: "d", description: "Design requests and assets" },
+      { id: "analytics", label: "Analytics", shortLabel: "ANL", color: "#f97316", shortcutKey: "a", description: "Analytics and reporting tasks" },
+      { id: "outreach", label: "Outreach", shortLabel: "OUT", color: "#6b7280", shortcutKey: "o", description: "Outreach and partnership activities" },
+      { id: "event", label: "Event", shortLabel: "EVT", color: "#ef4444", shortcutKey: "e", description: "Events to plan or manage" }
+    ]
+  },
+  {
+    id: "personal",
+    name: "Personal",
+    categories: [
+      { id: "task", label: "Task", shortLabel: "TSK", color: "#3b82f6", shortcutKey: "t", description: "Things to do" },
+      { id: "idea", label: "Idea", shortLabel: "IDA", color: "#22c55e", shortcutKey: "i", description: "Ideas to explore" },
+      { id: "note", label: "Note", shortLabel: "NTE", color: "#6b7280", shortcutKey: "n", description: "Notes and references" },
+      { id: "errand", label: "Errand", shortLabel: "ERR", color: "#f97316", shortcutKey: "e", description: "Errands and appointments" },
+      { id: "project", label: "Project", shortLabel: "PRJ", color: "#8b5cf6", shortcutKey: "p", description: "Larger projects" },
+      { id: "urgent", label: "Urgent", shortLabel: "URG", color: "#ef4444", shortcutKey: "u", description: "Urgent items" }
+    ]
+  }
+];
+var CATEGORIES = DEFAULT_CATEGORIES.map((c) => ({ value: c.id, label: c.label, color: c.color }));
+var CATEGORY_DESCRIPTIONS = Object.fromEntries(
+  DEFAULT_CATEGORIES.map((c) => [c.id, c.description])
+);
+
+// src/db/settings.ts
+init_connection();
+async function getSettings() {
+  const db2 = await getDb();
+  const result = await db2.query("SELECT key, value FROM settings");
+  const settings = {};
+  for (const row of result.rows) {
+    settings[row.key] = row.value;
+  }
+  return settings;
+}
+async function updateSetting(key, value) {
+  const db2 = await getDb();
+  await db2.query(
+    `INSERT INTO settings (key, value) VALUES ($1, $2) ON CONFLICT (key) DO UPDATE SET value = $2`,
+    [key, value]
+  );
+}
+async function getCategories() {
+  const settings = await getSettings();
+  if (settings.categories) {
+    try {
+      const parsed = JSON.parse(settings.categories);
+      if (Array.isArray(parsed) && parsed.length > 0) return parsed;
+    } catch {
+    }
+  }
+  return DEFAULT_CATEGORIES;
+}
+async function saveCategories(categories) {
+  await updateSetting("categories", JSON.stringify(categories));
+}
+
+// src/db/tags.ts
+init_connection();
+function normalizeTag(input) {
+  return input.replace(/[^a-zA-Z0-9]+/g, " ").trim().toLowerCase();
+}
+function extractBracketTags(input) {
+  const tags = [];
+  const cleaned = input.replace(/\[([^\]]*)\]/g, (_match, content) => {
+    const tag = normalizeTag(content);
+    if (tag && !tags.includes(tag)) tags.push(tag);
+    return " ";
+  });
+  const title = cleaned.replace(/\s+/g, " ").trim();
+  return { title, tags };
+}
+async function getAllTags() {
+  const db2 = await getDb();
+  const result = await db2.query(`SELECT DISTINCT tags FROM tickets WHERE tags != '[]' AND status != 'deleted'`);
+  const tagSet = /* @__PURE__ */ new Set();
+  for (const row of result.rows) {
+    try {
+      const parsed = JSON.parse(row.tags);
+      if (Array.isArray(parsed)) {
+        for (const tag of parsed) {
+          if (typeof tag === "string" && tag.trim()) {
+            const norm = normalizeTag(tag);
+            if (norm) tagSet.add(norm);
+          }
+        }
+      }
+    } catch {
+    }
+  }
+  return Array.from(tagSet).sort();
+}
+
+// src/cleanup.ts
+async function cleanupAttachments() {
+  try {
+    const settings = await getSettings();
+    const verifiedDays = parseInt(settings.verified_cleanup_days, 10) || 30;
+    const trashDays = parseInt(settings.trash_cleanup_days, 10) || 3;
+    const tickets = await getTicketsForCleanup(verifiedDays, trashDays);
+    if (tickets.length === 0) return;
+    let cleaned = 0;
+    for (const ticket of tickets) {
+      const attachments = await getAttachments(ticket.id);
+      for (const att of attachments) {
+        try {
+          rmSync3(att.stored_path, { force: true });
+        } catch {
+        }
+      }
+      await hardDeleteTicket(ticket.id);
+      cleaned++;
+    }
+    if (cleaned > 0) {
+      console.log(`  Cleaned up ${cleaned} old ticket(s) and their attachments.`);
+    }
+  } catch (err) {
+    console.error("Attachment cleanup failed:", err);
+  }
+}
+
+// src/cli.ts
+init_connection();
+init_file_settings();
+
+// src/lock.ts
+import { existsSync as existsSync3, readFileSync as readFileSync3, rmSync as rmSync4, writeFileSync as writeFileSync3 } from "fs";
+import { join as join4 } from "path";
+var lockPath = null;
+function acquireLock(dataDir2) {
+  lockPath = join4(dataDir2, "hotsheet.lock");
+  if (existsSync3(lockPath)) {
+    try {
+      const contents = JSON.parse(readFileSync3(lockPath, "utf-8"));
+      const pid = contents.pid;
+      try {
+        process.kill(pid, 0);
+        console.error(`
+  Error: Another Hot Sheet instance (PID ${pid}) is already using this data directory.`);
+        console.error(`  Directory: ${dataDir2}`);
+        console.error(`  Stop that instance first, or use --data-dir to point to a different location.
+`);
+        process.exit(1);
+      } catch {
+        console.log(`  Removing stale lock from PID ${pid}`);
+        rmSync4(lockPath, { force: true });
+      }
+    } catch {
+      rmSync4(lockPath, { force: true });
+    }
+  }
+  writeFileSync3(lockPath, JSON.stringify({ pid: process.pid, startedAt: (/* @__PURE__ */ new Date()).toISOString() }));
+  const cleanup = () => releaseLock();
+  process.on("exit", cleanup);
+  process.on("SIGINT", () => {
+    cleanup();
+    process.exit(0);
+  });
+  process.on("SIGTERM", () => {
+    cleanup();
+    process.exit(0);
+  });
+}
+function releaseLock() {
+  if (lockPath) {
+    try {
+      rmSync4(lockPath, { force: true });
+    } catch {
+    }
+    lockPath = null;
+  }
+}
+
 // src/demo.ts
 init_connection();
 var DEMO_SCENARIOS = [
@@ -2387,290 +2401,31 @@ init_file_settings();
 import { serve } from "@hono/node-server";
 import { exec } from "child_process";
 import { existsSync as existsSync8, readFileSync as readFileSync7 } from "fs";
-import { Hono as Hono4 } from "hono";
-import { dirname as dirname2, join as join10 } from "path";
+import { Hono as Hono9 } from "hono";
+import { dirname as dirname2, join as join11 } from "path";
 import { fileURLToPath as fileURLToPath2 } from "url";
 
 // src/routes/api.ts
-import { existsSync as existsSync7, mkdirSync as mkdirSync4, rmSync as rmSync5 } from "fs";
+import { Hono as Hono6 } from "hono";
+
+// src/routes/attachments.ts
+import { existsSync as existsSync5, mkdirSync as mkdirSync3, rmSync as rmSync5 } from "fs";
 import { Hono } from "hono";
-import { basename, extname, join as join9, relative as relative2 } from "path";
+import { basename, extname, join as join7, resolve as resolve2 } from "path";
 
-// src/skills.ts
+// src/sync/markdown.ts
+import { writeFileSync as writeFileSync4 } from "fs";
+import { join as join6 } from "path";
 init_file_settings();
-import { existsSync as existsSync5, mkdirSync as mkdirSync3, readFileSync as readFileSync5, writeFileSync as writeFileSync4 } from "fs";
-import { join as join6, relative } from "path";
-var SKILL_VERSION = 4;
-var skillPort;
-var skillDataDir;
-var skillCategories = DEFAULT_CATEGORIES;
-function initSkills(port2, dataDir2) {
-  skillPort = port2;
-  skillDataDir = dataDir2;
-}
-function setSkillCategories(categories) {
-  skillCategories = categories;
-}
-function buildTicketSkills() {
-  return skillCategories.map((cat) => ({
-    name: `hs-${cat.id.replace(/_/g, "-")}`,
-    category: cat.id,
-    label: cat.label.toLowerCase(),
-    description: cat.description
-  }));
-}
-function versionHeader() {
-  return `<!-- hotsheet-skill-version: ${SKILL_VERSION} -->`;
-}
-function parseVersionHeader(content) {
-  const match = content.match(/<!-- hotsheet-skill-version: (\d+)(?: port: \d+)? -->/);
-  if (!match) return null;
-  return parseInt(match[1], 10);
-}
-function updateFile(path, content) {
-  if (existsSync5(path)) {
-    const existing = readFileSync5(path, "utf-8");
-    const version = parseVersionHeader(existing);
-    if (version !== null && version >= SKILL_VERSION) {
-      return false;
-    }
-  }
-  writeFileSync4(path, content, "utf-8");
-  return true;
-}
-function ticketSkillBody(skill) {
-  const settings = readFileSettings(skillDataDir);
-  const secret = settings.secret || "";
-  const secretLine = secret ? `  -H "X-Hotsheet-Secret: ${secret}" \\` : "";
-  const lines = [
-    `Create a new Hot Sheet **${skill.label}** ticket. ${skill.description}.`,
-    "",
-    "**Parsing the input:**",
-    '- If the input starts with "next", "up next", or "do next" (case-insensitive), set `up_next` to `true` and use the remaining text as the title',
-    "- Otherwise, use the entire input as the title",
-    "",
-    "**Create the ticket** by running:",
-    "```bash",
-    `curl -s -X POST http://localhost:${skillPort}/api/tickets \\`,
-    '  -H "Content-Type: application/json" \\'
-  ];
-  if (secretLine) lines.push(secretLine);
-  lines.push(
-    `  -d '{"title": "<TITLE>", "defaults": {"category": "${skill.category}", "up_next": <true|false>}}'`,
-    "```",
-    "",
-    `If the request fails (connection refused or 403), re-read \`.hotsheet/settings.json\` for the current \`port\` and \`secret\` values \u2014 you may be connecting to the wrong Hot Sheet instance.`,
-    "",
-    "Report the created ticket number and title to the user."
-  );
-  return lines.join("\n");
-}
-function mainSkillBody() {
-  const worklistRel = relative(process.cwd(), join6(skillDataDir, "worklist.md"));
-  const settingsRel = relative(process.cwd(), join6(skillDataDir, "settings.json"));
-  return [
-    `Base directory for this skill: ${join6(process.cwd(), ".claude", "skills", "hotsheet")}`,
-    "",
-    `Read \`${worklistRel}\` and work through the tickets in priority order.`,
-    "",
-    "For each ticket:",
-    "1. Read the ticket details carefully",
-    "2. Implement the work described",
-    "3. When complete, mark it done via the Hot Sheet UI",
-    "",
-    "Work through them in order of priority, where reasonable.",
-    "",
-    `If API calls fail (connection refused or 403), re-read \`${settingsRel}\` for the current \`port\` and \`secret\` values \u2014 you may be connecting to the wrong Hot Sheet instance.`
-  ].join("\n");
-}
-var HOTSHEET_ALLOW_PATTERNS = [
-  "Bash(curl * http://localhost:417*/api/*)",
-  "Bash(curl * http://localhost:418*/api/*)"
-];
-var HOTSHEET_CURL_RE = /^Bash\(curl \* http:\/\/localhost:\d+\/api\/\*\)$|^Bash\(curl \* http:\/\/localhost:41[78]\*\/api\/\*\)$/;
-function ensureClaudePermissions(cwd) {
-  if (skillPort < 4170 || skillPort > 4189) return false;
-  const settingsPath2 = join6(cwd, ".claude", "settings.json");
-  let settings = {};
-  if (existsSync5(settingsPath2)) {
-    try {
-      settings = JSON.parse(readFileSync5(settingsPath2, "utf-8"));
-    } catch {
-    }
-  }
-  if (!settings.permissions) settings.permissions = {};
-  if (!settings.permissions.allow) settings.permissions.allow = [];
-  const allow = settings.permissions.allow;
-  if (HOTSHEET_ALLOW_PATTERNS.every((p) => allow.includes(p))) return false;
-  settings.permissions.allow = allow.filter((p) => !HOTSHEET_CURL_RE.test(p));
-  settings.permissions.allow.push(...HOTSHEET_ALLOW_PATTERNS);
-  writeFileSync4(settingsPath2, JSON.stringify(settings, null, 2) + "\n", "utf-8");
-  return true;
-}
-function ensureClaudeSkills(cwd) {
-  let updated = false;
-  const skillsDir = join6(cwd, ".claude", "skills");
-  if (ensureClaudePermissions(cwd)) updated = true;
-  const mainDir = join6(skillsDir, "hotsheet");
-  mkdirSync3(mainDir, { recursive: true });
-  const mainContent = [
-    "---",
-    "name: hotsheet",
-    "description: Read the Hot Sheet worklist and work through the current priority items",
-    "allowed-tools: Read, Grep, Glob, Edit, Write, Bash",
-    "---",
-    versionHeader(),
-    "",
-    mainSkillBody(),
-    ""
-  ].join("\n");
-  if (updateFile(join6(mainDir, "SKILL.md"), mainContent)) updated = true;
-  for (const skill of buildTicketSkills()) {
-    const dir = join6(skillsDir, skill.name);
-    mkdirSync3(dir, { recursive: true });
-    const content = [
-      "---",
-      `name: ${skill.name}`,
-      `description: Create a new ${skill.label} ticket in Hot Sheet`,
-      "allowed-tools: Bash",
-      "---",
-      versionHeader(),
-      "",
-      ticketSkillBody(skill),
-      ""
-    ].join("\n");
-    if (updateFile(join6(dir, "SKILL.md"), content)) updated = true;
-  }
-  return updated;
-}
-function ensureCursorRules(cwd) {
-  let updated = false;
-  const rulesDir = join6(cwd, ".cursor", "rules");
-  mkdirSync3(rulesDir, { recursive: true });
-  const mainContent = [
-    "---",
-    "description: Read the Hot Sheet worklist and work through the current priority items",
-    "alwaysApply: false",
-    "---",
-    versionHeader(),
-    "",
-    mainSkillBody(),
-    ""
-  ].join("\n");
-  if (updateFile(join6(rulesDir, "hotsheet.mdc"), mainContent)) updated = true;
-  for (const skill of buildTicketSkills()) {
-    const content = [
-      "---",
-      `description: Create a new ${skill.label} ticket in Hot Sheet`,
-      "alwaysApply: false",
-      "---",
-      versionHeader(),
-      "",
-      ticketSkillBody(skill),
-      ""
-    ].join("\n");
-    if (updateFile(join6(rulesDir, `${skill.name}.mdc`), content)) updated = true;
-  }
-  return updated;
-}
-function ensureCopilotPrompts(cwd) {
-  let updated = false;
-  const promptsDir = join6(cwd, ".github", "prompts");
-  mkdirSync3(promptsDir, { recursive: true });
-  const mainContent = [
-    "---",
-    "description: Read the Hot Sheet worklist and work through the current priority items",
-    "---",
-    versionHeader(),
-    "",
-    mainSkillBody(),
-    ""
-  ].join("\n");
-  if (updateFile(join6(promptsDir, "hotsheet.prompt.md"), mainContent)) updated = true;
-  for (const skill of buildTicketSkills()) {
-    const content = [
-      "---",
-      `description: Create a new ${skill.label} ticket in Hot Sheet`,
-      "---",
-      versionHeader(),
-      "",
-      ticketSkillBody(skill),
-      ""
-    ].join("\n");
-    if (updateFile(join6(promptsDir, `${skill.name}.prompt.md`), content)) updated = true;
-  }
-  return updated;
-}
-function ensureWindsurfRules(cwd) {
-  let updated = false;
-  const rulesDir = join6(cwd, ".windsurf", "rules");
-  mkdirSync3(rulesDir, { recursive: true });
-  const mainContent = [
-    "---",
-    "trigger: manual",
-    "description: Read the Hot Sheet worklist and work through the current priority items",
-    "---",
-    versionHeader(),
-    "",
-    mainSkillBody(),
-    ""
-  ].join("\n");
-  if (updateFile(join6(rulesDir, "hotsheet.md"), mainContent)) updated = true;
-  for (const skill of buildTicketSkills()) {
-    const content = [
-      "---",
-      "trigger: manual",
-      `description: Create a new ${skill.label} ticket in Hot Sheet`,
-      "---",
-      versionHeader(),
-      "",
-      ticketSkillBody(skill),
-      ""
-    ].join("\n");
-    if (updateFile(join6(rulesDir, `${skill.name}.md`), content)) updated = true;
-  }
-  return updated;
-}
-var pendingCreatedFlag = false;
-function ensureSkills() {
-  const cwd = process.cwd();
-  const platforms = [];
-  if (existsSync5(join6(cwd, ".claude"))) {
-    if (ensureClaudeSkills(cwd)) platforms.push("Claude Code");
-  }
-  if (existsSync5(join6(cwd, ".cursor"))) {
-    if (ensureCursorRules(cwd)) platforms.push("Cursor");
-  }
-  if (existsSync5(join6(cwd, ".github", "prompts")) || existsSync5(join6(cwd, ".github", "copilot-instructions.md"))) {
-    if (ensureCopilotPrompts(cwd)) platforms.push("GitHub Copilot");
-  }
-  if (existsSync5(join6(cwd, ".windsurf"))) {
-    if (ensureWindsurfRules(cwd)) platforms.push("Windsurf");
-  }
-  if (platforms.length > 0) {
-    pendingCreatedFlag = true;
-  }
-  return platforms;
-}
-function consumeSkillsCreatedFlag() {
-  const result = pendingCreatedFlag;
-  pendingCreatedFlag = false;
-  return result;
-}
-
-// src/sync/markdown.ts
-import { writeFileSync as writeFileSync5 } from "fs";
-import { join as join7 } from "path";
-init_file_settings();
-var dataDir;
-var port;
-var worklistTimeout = null;
-var openTicketsTimeout = null;
-var WORKLIST_DEBOUNCE = 500;
-var OPEN_TICKETS_DEBOUNCE = 5e3;
-function initMarkdownSync(dir, serverPort) {
-  dataDir = dir;
-  port = serverPort;
+var dataDir;
+var port;
+var worklistTimeout = null;
+var openTicketsTimeout = null;
+var WORKLIST_DEBOUNCE = 500;
+var OPEN_TICKETS_DEBOUNCE = 5e3;
+function initMarkdownSync(dir, serverPort) {
+  dataDir = dir;
+  port = serverPort;
 }
 function scheduleWorklistSync() {
   if (worklistTimeout) clearTimeout(worklistTimeout);
@@ -2811,7 +2566,23 @@ async function syncWorklist() {
     sections.push("Set `up_next: true` only for items that should be prioritized immediately.");
     sections.push("");
     if (tickets.length === 0) {
-      sections.push("No items in the Up Next list.");
+      const dbSettings = await getSettings();
+      const autoOrder = dbSettings.auto_order !== "false";
+      if (autoOrder) {
+        sections.push("## Auto-Prioritize");
+        sections.push("");
+        sections.push("No items are in the Up Next list, but **auto-prioritize is enabled**. Before doing anything else:");
+        sections.push("");
+        sections.push("1. Read `.hotsheet/open-tickets.md` to see all open tickets.");
+        sections.push("2. Evaluate them by priority, urgency, and dependencies.");
+        sections.push("3. Choose the most important ticket(s) to work on next.");
+        sections.push(`4. Mark them as Up Next: \`curl -s -X PATCH http://localhost:${port}/api/tickets/{id} -H "Content-Type: application/json"${secretHeader} -d '{"up_next": true}'\``);
+        sections.push('5. Then work through them as normal (set status to "started", implement, set to "completed" with notes).');
+        sections.push("");
+        sections.push("If there are no open tickets at all, there is nothing to do.");
+      } else {
+        sections.push("No items in the Up Next list.");
+      }
     } else {
       const autoContext = await loadAutoContext();
       for (const ticket of tickets) {
@@ -2827,7 +2598,7 @@ async function syncWorklist() {
       sections.push(await formatCategoryDescriptions(categories));
     }
     sections.push("");
-    writeFileSync5(join7(dataDir, "worklist.md"), sections.join("\n"), "utf-8");
+    writeFileSync4(join6(dataDir, "worklist.md"), sections.join("\n"), "utf-8");
   } catch (err) {
     console.error("Failed to sync worklist.md:", err);
   }
@@ -2872,234 +2643,49 @@ async function syncOpenTickets() {
       sections.push(await formatCategoryDescriptions(categories));
     }
     sections.push("");
-    writeFileSync5(join7(dataDir, "open-tickets.md"), sections.join("\n"), "utf-8");
+    writeFileSync4(join6(dataDir, "open-tickets.md"), sections.join("\n"), "utf-8");
   } catch (err) {
     console.error("Failed to sync open-tickets.md:", err);
   }
 }
 
-// src/routes/api.ts
-var apiRoutes = new Hono();
+// src/routes/notify.ts
 var changeVersion = 0;
 var pollWaiters = [];
 function notifyChange() {
   changeVersion++;
   const waiters = pollWaiters;
   pollWaiters = [];
-  for (const resolve4 of waiters) {
-    resolve4(changeVersion);
+  for (const resolve5 of waiters) {
+    resolve5(changeVersion);
   }
 }
-apiRoutes.get("/poll", async (c) => {
-  const clientVersion = parseInt(c.req.query("version") || "0", 10);
-  if (changeVersion > clientVersion) {
-    return c.json({ version: changeVersion });
-  }
-  const version = await Promise.race([
-    new Promise((resolve4) => {
-      pollWaiters.push(resolve4);
-    }),
-    new Promise((resolve4) => {
-      setTimeout(() => resolve4(changeVersion), 3e4);
-    })
-  ]);
-  return c.json({ version });
-});
-apiRoutes.get("/tickets", async (c) => {
-  const filters = {};
-  const category = c.req.query("category");
-  if (category !== void 0 && category !== "") filters.category = category;
-  const priority = c.req.query("priority");
-  if (priority !== void 0 && priority !== "") filters.priority = priority;
-  const status = c.req.query("status");
-  if (status !== void 0 && status !== "") filters.status = status;
-  const upNext = c.req.query("up_next");
-  if (upNext !== void 0) filters.up_next = upNext === "true";
-  const search = c.req.query("search");
-  if (search !== void 0 && search !== "") filters.search = search;
-  const sortBy = c.req.query("sort_by");
-  if (sortBy !== void 0 && sortBy !== "") filters.sort_by = sortBy;
-  const sortDir = c.req.query("sort_dir");
-  if (sortDir !== void 0 && sortDir !== "") filters.sort_dir = sortDir;
-  const tickets = await getTickets(filters);
-  return c.json(tickets);
-});
-apiRoutes.post("/tickets", async (c) => {
-  const body = await c.req.json();
-  let title = body.title || "";
-  const defaults = body.defaults || {};
-  const { title: cleanTitle, tags: bracketTags } = extractBracketTags(title);
-  if (bracketTags.length > 0) {
-    title = cleanTitle || title;
-    let existingTags = [];
-    if (defaults.tags) {
-      try {
-        existingTags = JSON.parse(defaults.tags);
-      } catch {
-      }
-    }
-    for (const tag of bracketTags) {
-      if (!existingTags.some((t) => t.toLowerCase() === tag.toLowerCase())) existingTags.push(tag);
-    }
-    defaults.tags = JSON.stringify(existingTags);
-  }
-  const ticket = await createTicket(title, defaults);
-  scheduleAllSync();
-  notifyChange();
-  return c.json(ticket, 201);
-});
-apiRoutes.get("/tickets/:id", async (c) => {
-  const id = parseInt(c.req.param("id"), 10);
-  const ticket = await getTicket(id);
-  if (!ticket) return c.json({ error: "Not found" }, 404);
-  const attachments = await getAttachments(id);
-  const notes = parseNotes(ticket.notes);
-  return c.json({ ...ticket, notes: JSON.stringify(notes), attachments });
-});
-apiRoutes.patch("/tickets/:id", async (c) => {
-  const id = parseInt(c.req.param("id"), 10);
-  const body = await c.req.json();
-  const ticket = await updateTicket(id, body);
-  if (!ticket) return c.json({ error: "Not found" }, 404);
-  scheduleAllSync();
-  notifyChange();
-  return c.json(ticket);
-});
-apiRoutes.delete("/tickets/:id", async (c) => {
-  const id = parseInt(c.req.param("id"), 10);
-  await deleteTicket(id);
-  scheduleAllSync();
-  notifyChange();
-  return c.json({ ok: true });
-});
-apiRoutes.put("/tickets/:id/notes-bulk", async (c) => {
-  const id = parseInt(c.req.param("id"), 10);
-  const body = await c.req.json();
-  const db2 = await Promise.resolve().then(() => (init_connection(), connection_exports)).then((m) => m.getDb());
-  const result = await (await db2).query(
-    `UPDATE tickets SET notes = $1, updated_at = NOW() WHERE id = $2 RETURNING id`,
-    [body.notes, id]
-  );
-  if (result.rows.length === 0) return c.json({ error: "Not found" }, 404);
-  scheduleAllSync();
-  notifyChange();
-  return c.json({ ok: true });
-});
-apiRoutes.patch("/tickets/:id/notes/:noteId", async (c) => {
-  const id = parseInt(c.req.param("id"), 10);
-  const noteId2 = c.req.param("noteId");
-  const body = await c.req.json();
-  const notes = await editNote(id, noteId2, body.text);
-  if (!notes) return c.json({ error: "Not found" }, 404);
-  scheduleAllSync();
-  notifyChange();
-  return c.json(notes);
-});
-apiRoutes.delete("/tickets/:id/notes/:noteId", async (c) => {
-  const id = parseInt(c.req.param("id"), 10);
-  const noteId2 = c.req.param("noteId");
-  const notes = await deleteNote(id, noteId2);
-  if (!notes) return c.json({ error: "Not found" }, 404);
-  scheduleAllSync();
-  notifyChange();
-  return c.json(notes);
-});
-apiRoutes.delete("/tickets/:id/hard", async (c) => {
-  const id = parseInt(c.req.param("id"), 10);
-  const attachments = await getAttachments(id);
-  for (const att of attachments) {
-    try {
-      rmSync5(att.stored_path, { force: true });
-    } catch {
-    }
-  }
-  await hardDeleteTicket(id);
-  scheduleAllSync();
-  notifyChange();
-  return c.json({ ok: true });
-});
-apiRoutes.post("/tickets/batch", async (c) => {
-  const body = await c.req.json();
-  switch (body.action) {
-    case "delete":
-      await batchDeleteTickets(body.ids);
-      break;
-    case "restore":
-      await batchRestoreTickets(body.ids);
-      break;
-    case "category":
-      await batchUpdateTickets(body.ids, { category: body.value });
-      break;
-    case "priority":
-      await batchUpdateTickets(body.ids, { priority: body.value });
-      break;
-    case "status":
-      await batchUpdateTickets(body.ids, { status: body.value });
-      break;
-    case "up_next":
-      await batchUpdateTickets(body.ids, { up_next: body.value });
-      break;
-  }
-  scheduleAllSync();
-  notifyChange();
-  return c.json({ ok: true });
-});
-apiRoutes.post("/tickets/duplicate", async (c) => {
-  const body = await c.req.json();
-  const created = await duplicateTickets(body.ids);
-  scheduleAllSync();
-  notifyChange();
-  return c.json(created, 201);
-});
-apiRoutes.post("/tickets/:id/restore", async (c) => {
-  const id = parseInt(c.req.param("id"), 10);
-  const ticket = await restoreTicket(id);
-  if (!ticket) return c.json({ error: "Not found" }, 404);
-  scheduleAllSync();
-  notifyChange();
-  return c.json(ticket);
-});
-apiRoutes.post("/trash/empty", async (c) => {
-  const deleted = await getTickets({ status: "deleted" });
-  for (const ticket of deleted) {
-    const attachments = await getAttachments(ticket.id);
-    for (const att of attachments) {
-      try {
-        rmSync5(att.stored_path, { force: true });
-      } catch {
-      }
-    }
-  }
-  await emptyTrash();
-  scheduleAllSync();
-  notifyChange();
-  return c.json({ ok: true });
-});
-apiRoutes.post("/tickets/:id/up-next", async (c) => {
-  const id = parseInt(c.req.param("id"), 10);
-  const ticket = await toggleUpNext(id);
-  if (!ticket) return c.json({ error: "Not found" }, 404);
-  scheduleAllSync();
-  notifyChange();
-  return c.json(ticket);
-});
-apiRoutes.post("/tickets/:id/attachments", async (c) => {
-  const id = parseInt(c.req.param("id"), 10);
-  const ticket = await getTicket(id);
-  if (!ticket) return c.json({ error: "Ticket not found" }, 404);
-  const dataDir2 = c.get("dataDir");
-  const body = await c.req.parseBody();
-  const file = body["file"];
-  if (typeof file === "string") {
-    return c.json({ error: "No file uploaded" }, 400);
+function getChangeVersion() {
+  return changeVersion;
+}
+function addPollWaiter(resolve5) {
+  pollWaiters.push(resolve5);
+}
+
+// src/routes/attachments.ts
+var attachmentRoutes = new Hono();
+attachmentRoutes.post("/tickets/:id/attachments", async (c) => {
+  const id = parseInt(c.req.param("id"), 10);
+  const ticket = await getTicket(id);
+  if (!ticket) return c.json({ error: "Ticket not found" }, 404);
+  const dataDir2 = c.get("dataDir");
+  const body = await c.req.parseBody();
+  const file = body["file"];
+  if (typeof file === "string") {
+    return c.json({ error: "No file uploaded" }, 400);
   }
   const originalName = file.name;
   const ext = extname(originalName);
   const baseName = basename(originalName, ext);
   const storedName = `${ticket.ticket_number}_${baseName}${ext}`;
-  const attachDir = join9(dataDir2, "attachments");
-  mkdirSync4(attachDir, { recursive: true });
-  const storedPath = join9(attachDir, storedName);
+  const attachDir = join7(dataDir2, "attachments");
+  mkdirSync3(attachDir, { recursive: true });
+  const storedPath = join7(attachDir, storedName);
   const buffer = Buffer.from(await file.arrayBuffer());
   const { writeFileSync: writeFileSync8 } = await import("fs");
   writeFileSync8(storedPath, buffer);
@@ -3108,7 +2694,7 @@ apiRoutes.post("/tickets/:id/attachments", async (c) => {
   notifyChange();
   return c.json(attachment, 201);
 });
-apiRoutes.delete("/attachments/:id", async (c) => {
+attachmentRoutes.delete("/attachments/:id", async (c) => {
   const id = parseInt(c.req.param("id"), 10);
   const attachment = await deleteAttachment(id);
   if (!attachment) return c.json({ error: "Not found" }, 404);
@@ -3120,11 +2706,11 @@ apiRoutes.delete("/attachments/:id", async (c) => {
   notifyChange();
   return c.json({ ok: true });
 });
-apiRoutes.post("/attachments/:id/reveal", async (c) => {
+attachmentRoutes.post("/attachments/:id/reveal", async (c) => {
   const id = parseInt(c.req.param("id"), 10);
   const attachment = await getAttachment(id);
   if (!attachment) return c.json({ error: "Not found" }, 404);
-  if (!existsSync7(attachment.stored_path)) return c.json({ error: "File not found on disk" }, 404);
+  if (!existsSync5(attachment.stored_path)) return c.json({ error: "File not found on disk" }, 404);
   const { execFile } = await import("child_process");
   const { dirname: dirname4 } = await import("path");
   const platform = process.platform;
@@ -3137,11 +2723,15 @@ apiRoutes.post("/attachments/:id/reveal", async (c) => {
   }
   return c.json({ ok: true });
 });
-apiRoutes.get("/attachments/file/*", async (c) => {
+attachmentRoutes.get("/attachments/file/*", async (c) => {
   const filePath = c.req.path.replace("/api/attachments/file/", "");
   const dataDir2 = c.get("dataDir");
-  const fullPath = join9(dataDir2, "attachments", filePath);
-  if (!existsSync7(fullPath)) {
+  const attachDir = resolve2(join7(dataDir2, "attachments"));
+  const fullPath = resolve2(join7(attachDir, filePath));
+  if (!fullPath.startsWith(attachDir + "/") && fullPath !== attachDir) {
+    return c.json({ error: "Invalid path" }, 403);
+  }
+  if (!existsSync5(fullPath)) {
     return c.json({ error: "File not found" }, 404);
   }
   const { readFileSync: readFileSync9 } = await import("fs");
@@ -3163,225 +2753,712 @@ apiRoutes.get("/attachments/file/*", async (c) => {
     headers: { "Content-Type": contentType }
   });
 });
-apiRoutes.post("/tickets/query", async (c) => {
-  const body = await c.req.json();
-  const tickets = await queryTickets(body.logic, body.conditions, body.sort_by, body.sort_dir, body.required_tag);
-  return c.json(tickets);
+
+// src/routes/channel.ts
+import { Hono as Hono2 } from "hono";
+var channelRoutes = new Hono2();
+var channelDoneFlag = false;
+channelRoutes.get("/channel/claude-check", async (c) => {
+  const { execFileSync } = await import("child_process");
+  try {
+    const version = execFileSync("claude", ["--version"], { timeout: 5e3, encoding: "utf-8" }).trim();
+    const match = version.match(/(\d+\.\d+\.\d+)/);
+    const versionNum = match ? match[1] : null;
+    const parts = versionNum ? versionNum.split(".").map(Number) : [];
+    const meetsMinimum = parts.length === 3 && (parts[0] > 2 || parts[0] === 2 && parts[1] > 1 || parts[0] === 2 && parts[1] === 1 && parts[2] >= 80);
+    return c.json({ installed: true, version: versionNum, meetsMinimum });
+  } catch {
+    return c.json({ installed: false, version: null, meetsMinimum: false });
+  }
 });
-apiRoutes.get("/tags", async (c) => {
-  const tags = await getAllTags();
-  return c.json(tags);
+channelRoutes.get("/channel/status", async (c) => {
+  const { isChannelAlive: isChannelAlive2, getChannelPort: getChannelPort2 } = await Promise.resolve().then(() => (init_channel_config(), channel_config_exports));
+  const dataDir2 = c.get("dataDir");
+  const settings = await getSettings();
+  const enabled = settings.channel_enabled === "true";
+  const port2 = getChannelPort2(dataDir2);
+  const alive = enabled ? await isChannelAlive2(dataDir2) : false;
+  const done = channelDoneFlag;
+  if (done) channelDoneFlag = false;
+  return c.json({ enabled, alive, port: port2, done });
 });
-apiRoutes.get("/categories", async (c) => {
-  const categories = await getCategories();
-  return c.json(categories);
+channelRoutes.post("/channel/trigger", async (c) => {
+  const { triggerChannel: triggerChannel2 } = await Promise.resolve().then(() => (init_channel_config(), channel_config_exports));
+  const dataDir2 = c.get("dataDir");
+  const serverPort = parseInt(new URL(c.req.url).port || "4174", 10);
+  const body = await c.req.json().catch(() => ({ message: void 0 }));
+  channelDoneFlag = false;
+  const ok = await triggerChannel2(dataDir2, serverPort, body.message);
+  return c.json({ ok });
 });
-apiRoutes.put("/categories", async (c) => {
-  const categories = await c.req.json();
-  await saveCategories(categories);
-  scheduleAllSync();
-  notifyChange();
-  return c.json(categories);
+channelRoutes.get("/channel/permission", async (c) => {
+  const { getChannelPort: getChannelPort2 } = await Promise.resolve().then(() => (init_channel_config(), channel_config_exports));
+  const dataDir2 = c.get("dataDir");
+  const port2 = getChannelPort2(dataDir2);
+  if (!port2) return c.json({ pending: null });
+  try {
+    const res = await fetch(`http://127.0.0.1:${port2}/permission`);
+    const data = await res.json();
+    return c.json(data);
+  } catch {
+    return c.json({ pending: null });
+  }
 });
-apiRoutes.get("/category-presets", (c) => {
-  return c.json(CATEGORY_PRESETS);
+channelRoutes.post("/channel/permission/respond", async (c) => {
+  const { getChannelPort: getChannelPort2 } = await Promise.resolve().then(() => (init_channel_config(), channel_config_exports));
+  const dataDir2 = c.get("dataDir");
+  const port2 = getChannelPort2(dataDir2);
+  if (!port2) return c.json({ error: "Channel not available" }, 503);
+  const body = await c.req.json();
+  try {
+    const res = await fetch(`http://127.0.0.1:${port2}/permission/respond`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify(body)
+    });
+    return c.json(await res.json());
+  } catch {
+    return c.json({ error: "Failed to reach channel server" }, 503);
+  }
 });
-apiRoutes.get("/stats", async (c) => {
-  const stats = await getTicketStats();
-  return c.json(stats);
+channelRoutes.post("/channel/permission/dismiss", async (c) => {
+  const { getChannelPort: getChannelPort2 } = await Promise.resolve().then(() => (init_channel_config(), channel_config_exports));
+  const dataDir2 = c.get("dataDir");
+  const port2 = getChannelPort2(dataDir2);
+  if (!port2) return c.json({ ok: true });
+  try {
+    await fetch(`http://127.0.0.1:${port2}/permission/dismiss`, { method: "POST" });
+  } catch {
+  }
+  return c.json({ ok: true });
 });
-apiRoutes.get("/dashboard", async (c) => {
-  const { getDashboardStats: getDashboardStats2, getSnapshots: getSnapshots2 } = await Promise.resolve().then(() => (init_stats(), stats_exports));
-  const days = parseInt(c.req.query("days") || "30", 10);
-  const [stats, snapshots] = await Promise.all([
-    getDashboardStats2(days),
-    getSnapshots2(days)
-  ]);
-  return c.json({ ...stats, snapshots });
+channelRoutes.post("/channel/done", async (_c) => {
+  channelDoneFlag = true;
+  notifyChange();
+  return _c.json({ ok: true });
 });
-apiRoutes.get("/settings", async (c) => {
-  const settings = await getSettings();
-  return c.json(settings);
+channelRoutes.post("/channel/enable", async (c) => {
+  const { registerChannel: registerChannel2 } = await Promise.resolve().then(() => (init_channel_config(), channel_config_exports));
+  const dataDir2 = c.get("dataDir");
+  await updateSetting("channel_enabled", "true");
+  registerChannel2(dataDir2);
+  notifyChange();
+  return c.json({ ok: true });
+});
+channelRoutes.post("/channel/disable", async (c) => {
+  const { unregisterChannel: unregisterChannel2 } = await Promise.resolve().then(() => (init_channel_config(), channel_config_exports));
+  await updateSetting("channel_enabled", "false");
+  unregisterChannel2();
+  notifyChange();
+  return c.json({ ok: true });
+});
+
+// src/routes/dashboard.ts
+import { Hono as Hono3 } from "hono";
+import { join as join10, relative as relative2 } from "path";
+
+// src/skills.ts
+init_file_settings();
+import { existsSync as existsSync7, mkdirSync as mkdirSync4, readFileSync as readFileSync6, writeFileSync as writeFileSync6 } from "fs";
+import { join as join9, relative } from "path";
+var SKILL_VERSION = 5;
+var skillPort;
+var skillDataDir;
+var skillCategories = DEFAULT_CATEGORIES;
+function initSkills(port2, dataDir2) {
+  skillPort = port2;
+  skillDataDir = dataDir2;
+}
+function setSkillCategories(categories) {
+  skillCategories = categories;
+}
+function buildTicketSkills() {
+  return skillCategories.map((cat) => ({
+    name: `hs-${cat.id.replace(/_/g, "-")}`,
+    category: cat.id,
+    label: cat.label.toLowerCase(),
+    description: cat.description
+  }));
+}
+function versionHeader() {
+  return `<!-- hotsheet-skill-version: ${SKILL_VERSION} -->`;
+}
+function parseVersionHeader(content) {
+  const match = content.match(/<!-- hotsheet-skill-version: (\d+)(?: port: \d+)? -->/);
+  if (!match) return null;
+  return parseInt(match[1], 10);
+}
+function updateFile(path, content) {
+  if (existsSync7(path)) {
+    const existing = readFileSync6(path, "utf-8");
+    const version = parseVersionHeader(existing);
+    if (version !== null && version >= SKILL_VERSION) {
+      return false;
+    }
+  }
+  writeFileSync6(path, content, "utf-8");
+  return true;
+}
+function ticketSkillBody(skill) {
+  const settings = readFileSettings(skillDataDir);
+  const secret = settings.secret || "";
+  const secretLine = secret ? `  -H "X-Hotsheet-Secret: ${secret}" \\` : "";
+  const lines = [
+    `Create a new Hot Sheet **${skill.label}** ticket. ${skill.description}.`,
+    "",
+    "**Parsing the input:**",
+    '- If the input starts with "next", "up next", or "do next" (case-insensitive), set `up_next` to `true` and use the remaining text as the title',
+    "- Otherwise, use the entire input as the title",
+    "",
+    "**Create the ticket** by running:",
+    "```bash",
+    `curl -s -X POST http://localhost:${skillPort}/api/tickets \\`,
+    '  -H "Content-Type: application/json" \\'
+  ];
+  if (secretLine) lines.push(secretLine);
+  lines.push(
+    `  -d '{"title": "<TITLE>", "defaults": {"category": "${skill.category}", "up_next": <true|false>}}'`,
+    "```",
+    "",
+    `If the request fails (connection refused or 403), re-read \`.hotsheet/settings.json\` for the current \`port\` and \`secret\` values \u2014 you may be connecting to the wrong Hot Sheet instance.`,
+    "",
+    "Report the created ticket number and title to the user."
+  );
+  return lines.join("\n");
+}
+function mainSkillBody() {
+  const worklistRel = relative(process.cwd(), join9(skillDataDir, "worklist.md"));
+  const settingsRel = relative(process.cwd(), join9(skillDataDir, "settings.json"));
+  return [
+    `Base directory for this skill: ${join9(process.cwd(), ".claude", "skills", "hotsheet")}`,
+    "",
+    `Read \`${worklistRel}\` and work through the tickets in priority order.`,
+    "",
+    "For each ticket:",
+    "1. Read the ticket details carefully",
+    "2. Implement the work described",
+    "3. When complete, mark it done via the Hot Sheet UI",
+    "",
+    "Work through them in order of priority, where reasonable.",
+    "",
+    'If the worklist says "Auto-Prioritize", follow those instructions to choose and mark tickets as Up Next before working on them.',
+    "",
+    `If API calls fail (connection refused or 403), re-read \`${settingsRel}\` for the current \`port\` and \`secret\` values \u2014 you may be connecting to the wrong Hot Sheet instance.`
+  ].join("\n");
+}
+var HOTSHEET_ALLOW_PATTERNS = [
+  "Bash(curl * http://localhost:417*/api/*)",
+  "Bash(curl * http://localhost:418*/api/*)"
+];
+var HOTSHEET_CURL_RE = /^Bash\(curl \* http:\/\/localhost:\d+\/api\/\*\)$|^Bash\(curl \* http:\/\/localhost:41[78]\*\/api\/\*\)$/;
+function ensureClaudePermissions(cwd) {
+  if (skillPort < 4170 || skillPort > 4189) return false;
+  const settingsPath2 = join9(cwd, ".claude", "settings.json");
+  let settings = {};
+  if (existsSync7(settingsPath2)) {
+    try {
+      settings = JSON.parse(readFileSync6(settingsPath2, "utf-8"));
+    } catch {
+    }
+  }
+  if (!settings.permissions) settings.permissions = {};
+  if (!settings.permissions.allow) settings.permissions.allow = [];
+  const allow = settings.permissions.allow;
+  if (HOTSHEET_ALLOW_PATTERNS.every((p) => allow.includes(p))) return false;
+  settings.permissions.allow = allow.filter((p) => !HOTSHEET_CURL_RE.test(p));
+  settings.permissions.allow.push(...HOTSHEET_ALLOW_PATTERNS);
+  writeFileSync6(settingsPath2, JSON.stringify(settings, null, 2) + "\n", "utf-8");
+  return true;
+}
+function ensureClaudeSkills(cwd) {
+  let updated = false;
+  const skillsDir = join9(cwd, ".claude", "skills");
+  if (ensureClaudePermissions(cwd)) updated = true;
+  const mainDir = join9(skillsDir, "hotsheet");
+  mkdirSync4(mainDir, { recursive: true });
+  const mainContent = [
+    "---",
+    "name: hotsheet",
+    "description: Read the Hot Sheet worklist and work through the current priority items",
+    "allowed-tools: Read, Grep, Glob, Edit, Write, Bash",
+    "---",
+    versionHeader(),
+    "",
+    mainSkillBody(),
+    ""
+  ].join("\n");
+  if (updateFile(join9(mainDir, "SKILL.md"), mainContent)) updated = true;
+  for (const skill of buildTicketSkills()) {
+    const dir = join9(skillsDir, skill.name);
+    mkdirSync4(dir, { recursive: true });
+    const content = [
+      "---",
+      `name: ${skill.name}`,
+      `description: Create a new ${skill.label} ticket in Hot Sheet`,
+      "allowed-tools: Bash",
+      "---",
+      versionHeader(),
+      "",
+      ticketSkillBody(skill),
+      ""
+    ].join("\n");
+    if (updateFile(join9(dir, "SKILL.md"), content)) updated = true;
+  }
+  return updated;
+}
+function ensureCursorRules(cwd) {
+  let updated = false;
+  const rulesDir = join9(cwd, ".cursor", "rules");
+  mkdirSync4(rulesDir, { recursive: true });
+  const mainContent = [
+    "---",
+    "description: Read the Hot Sheet worklist and work through the current priority items",
+    "alwaysApply: false",
+    "---",
+    versionHeader(),
+    "",
+    mainSkillBody(),
+    ""
+  ].join("\n");
+  if (updateFile(join9(rulesDir, "hotsheet.mdc"), mainContent)) updated = true;
+  for (const skill of buildTicketSkills()) {
+    const content = [
+      "---",
+      `description: Create a new ${skill.label} ticket in Hot Sheet`,
+      "alwaysApply: false",
+      "---",
+      versionHeader(),
+      "",
+      ticketSkillBody(skill),
+      ""
+    ].join("\n");
+    if (updateFile(join9(rulesDir, `${skill.name}.mdc`), content)) updated = true;
+  }
+  return updated;
+}
+function ensureCopilotPrompts(cwd) {
+  let updated = false;
+  const promptsDir = join9(cwd, ".github", "prompts");
+  mkdirSync4(promptsDir, { recursive: true });
+  const mainContent = [
+    "---",
+    "description: Read the Hot Sheet worklist and work through the current priority items",
+    "---",
+    versionHeader(),
+    "",
+    mainSkillBody(),
+    ""
+  ].join("\n");
+  if (updateFile(join9(promptsDir, "hotsheet.prompt.md"), mainContent)) updated = true;
+  for (const skill of buildTicketSkills()) {
+    const content = [
+      "---",
+      `description: Create a new ${skill.label} ticket in Hot Sheet`,
+      "---",
+      versionHeader(),
+      "",
+      ticketSkillBody(skill),
+      ""
+    ].join("\n");
+    if (updateFile(join9(promptsDir, `${skill.name}.prompt.md`), content)) updated = true;
+  }
+  return updated;
+}
+function ensureWindsurfRules(cwd) {
+  let updated = false;
+  const rulesDir = join9(cwd, ".windsurf", "rules");
+  mkdirSync4(rulesDir, { recursive: true });
+  const mainContent = [
+    "---",
+    "trigger: manual",
+    "description: Read the Hot Sheet worklist and work through the current priority items",
+    "---",
+    versionHeader(),
+    "",
+    mainSkillBody(),
+    ""
+  ].join("\n");
+  if (updateFile(join9(rulesDir, "hotsheet.md"), mainContent)) updated = true;
+  for (const skill of buildTicketSkills()) {
+    const content = [
+      "---",
+      "trigger: manual",
+      `description: Create a new ${skill.label} ticket in Hot Sheet`,
+      "---",
+      versionHeader(),
+      "",
+      ticketSkillBody(skill),
+      ""
+    ].join("\n");
+    if (updateFile(join9(rulesDir, `${skill.name}.md`), content)) updated = true;
+  }
+  return updated;
+}
+var pendingCreatedFlag = false;
+function ensureSkills() {
+  const cwd = process.cwd();
+  const platforms = [];
+  if (existsSync7(join9(cwd, ".claude"))) {
+    if (ensureClaudeSkills(cwd)) platforms.push("Claude Code");
+  }
+  if (existsSync7(join9(cwd, ".cursor"))) {
+    if (ensureCursorRules(cwd)) platforms.push("Cursor");
+  }
+  if (existsSync7(join9(cwd, ".github", "prompts")) || existsSync7(join9(cwd, ".github", "copilot-instructions.md"))) {
+    if (ensureCopilotPrompts(cwd)) platforms.push("GitHub Copilot");
+  }
+  if (existsSync7(join9(cwd, ".windsurf"))) {
+    if (ensureWindsurfRules(cwd)) platforms.push("Windsurf");
+  }
+  if (platforms.length > 0) {
+    pendingCreatedFlag = true;
+  }
+  return platforms;
+}
+function consumeSkillsCreatedFlag() {
+  const result = pendingCreatedFlag;
+  pendingCreatedFlag = false;
+  return result;
+}
+
+// src/routes/dashboard.ts
+var dashboardRoutes = new Hono3();
+dashboardRoutes.get("/poll", async (c) => {
+  const clientVersion = parseInt(c.req.query("version") || "0", 10);
+  const changeVersion2 = getChangeVersion();
+  if (changeVersion2 > clientVersion) {
+    return c.json({ version: changeVersion2 });
+  }
+  const version = await Promise.race([
+    new Promise((resolve5) => {
+      addPollWaiter(resolve5);
+    }),
+    new Promise((resolve5) => {
+      setTimeout(() => resolve5(getChangeVersion()), 3e4);
+    })
+  ]);
+  return c.json({ version });
+});
+dashboardRoutes.get("/stats", async (c) => {
+  const stats = await getTicketStats();
+  return c.json(stats);
+});
+dashboardRoutes.get("/dashboard", async (c) => {
+  const { getDashboardStats: getDashboardStats2, getSnapshots: getSnapshots2 } = await Promise.resolve().then(() => (init_stats(), stats_exports));
+  const days = parseInt(c.req.query("days") || "30", 10);
+  const [stats, snapshots] = await Promise.all([
+    getDashboardStats2(days),
+    getSnapshots2(days)
+  ]);
+  return c.json({ ...stats, snapshots });
+});
+dashboardRoutes.get("/worklist-info", (c) => {
+  const dataDir2 = c.get("dataDir");
+  const cwd = process.cwd();
+  const worklistRel = relative2(cwd, join10(dataDir2, "worklist.md"));
+  const prompt = `Read ${worklistRel} for current work items.`;
+  ensureSkills();
+  const skillCreated = consumeSkillsCreatedFlag();
+  return c.json({ prompt, skillCreated });
+});
+var glassboxAvailable = null;
+dashboardRoutes.get("/glassbox/status", async (c) => {
+  if (glassboxAvailable === null) {
+    const { execFileSync } = await import("child_process");
+    try {
+      execFileSync("which", ["glassbox"], { stdio: "ignore" });
+      glassboxAvailable = true;
+    } catch {
+      glassboxAvailable = false;
+    }
+  }
+  return c.json({ available: glassboxAvailable });
+});
+dashboardRoutes.post("/glassbox/launch", async (c) => {
+  if (!glassboxAvailable) return c.json({ error: "Glassbox not available" }, 404);
+  const { spawn } = await import("child_process");
+  spawn("glassbox", [], {
+    cwd: process.cwd(),
+    detached: true,
+    stdio: "ignore"
+  }).unref();
+  return c.json({ ok: true });
+});
+dashboardRoutes.get("/gitignore/status", async (c) => {
+  const { isGitRepo: isGitRepo2, isHotsheetGitignored: isHotsheetGitignored2 } = await Promise.resolve().then(() => (init_gitignore(), gitignore_exports));
+  const cwd = process.cwd();
+  if (!isGitRepo2(cwd)) return c.json({ inGitRepo: false, ignored: false });
+  return c.json({ inGitRepo: true, ignored: isHotsheetGitignored2(cwd) });
+});
+dashboardRoutes.post("/gitignore/add", async (c) => {
+  const { ensureGitignore: ensureGitignore2 } = await Promise.resolve().then(() => (init_gitignore(), gitignore_exports));
+  ensureGitignore2(process.cwd());
+  return c.json({ ok: true });
+});
+dashboardRoutes.post("/print", async (c) => {
+  const { html } = await c.req.json();
+  const { writeFileSync: writeFileSync8 } = await import("fs");
+  const { tmpdir: tmpdir2 } = await import("os");
+  const { join: pathJoin } = await import("path");
+  const { execFile } = await import("child_process");
+  const tmpPath = pathJoin(tmpdir2(), `hotsheet-print-${Date.now()}.html`);
+  writeFileSync8(tmpPath, html, "utf-8");
+  const platform = process.platform;
+  if (platform === "darwin") {
+    execFile("open", [tmpPath]);
+  } else if (platform === "win32") {
+    execFile("start", ["", tmpPath], { shell: true });
+  } else {
+    execFile("xdg-open", [tmpPath]);
+  }
+  return c.json({ ok: true, path: tmpPath });
+});
+
+// src/routes/settings.ts
+import { Hono as Hono4 } from "hono";
+var settingsRoutes = new Hono4();
+settingsRoutes.get("/tags", async (c) => {
+  const tags = await getAllTags();
+  return c.json(tags);
+});
+settingsRoutes.get("/categories", async (c) => {
+  const categories = await getCategories();
+  return c.json(categories);
+});
+settingsRoutes.put("/categories", async (c) => {
+  const categories = await c.req.json();
+  await saveCategories(categories);
+  scheduleAllSync();
+  notifyChange();
+  return c.json(categories);
+});
+settingsRoutes.get("/category-presets", (c) => {
+  return c.json(CATEGORY_PRESETS);
+});
+settingsRoutes.get("/settings", async (c) => {
+  const settings = await getSettings();
+  return c.json(settings);
+});
+settingsRoutes.patch("/settings", async (c) => {
+  const body = await c.req.json();
+  for (const [key, value] of Object.entries(body)) {
+    await updateSetting(key, value);
+  }
+  return c.json({ ok: true });
+});
+settingsRoutes.get("/file-settings", async (c) => {
+  const { readFileSettings: readFileSettings2 } = await Promise.resolve().then(() => (init_file_settings(), file_settings_exports));
+  const dataDir2 = c.get("dataDir");
+  const { secret, secretPathHash, port: port2, ...safe } = readFileSettings2(dataDir2);
+  return c.json(safe);
+});
+settingsRoutes.patch("/file-settings", async (c) => {
+  const { writeFileSettings: writeFileSettings2 } = await Promise.resolve().then(() => (init_file_settings(), file_settings_exports));
+  const dataDir2 = c.get("dataDir");
+  const body = await c.req.json();
+  const updated = writeFileSettings2(dataDir2, body);
+  return c.json(updated);
+});
+
+// src/routes/tickets.ts
+import { rmSync as rmSync6 } from "fs";
+import { Hono as Hono5 } from "hono";
+var ticketRoutes = new Hono5();
+ticketRoutes.get("/tickets", async (c) => {
+  const filters = {};
+  const category = c.req.query("category");
+  if (category !== void 0 && category !== "") filters.category = category;
+  const priority = c.req.query("priority");
+  if (priority !== void 0 && priority !== "") filters.priority = priority;
+  const status = c.req.query("status");
+  if (status !== void 0 && status !== "") filters.status = status;
+  const upNext = c.req.query("up_next");
+  if (upNext !== void 0) filters.up_next = upNext === "true";
+  const search = c.req.query("search");
+  if (search !== void 0 && search !== "") filters.search = search;
+  const sortBy = c.req.query("sort_by");
+  if (sortBy !== void 0 && sortBy !== "") filters.sort_by = sortBy;
+  const sortDir = c.req.query("sort_dir");
+  if (sortDir !== void 0 && sortDir !== "") filters.sort_dir = sortDir;
+  const tickets = await getTickets(filters);
+  return c.json(tickets);
+});
+ticketRoutes.post("/tickets", async (c) => {
+  const body = await c.req.json();
+  let title = body.title || "";
+  const defaults = body.defaults || {};
+  const { title: cleanTitle, tags: bracketTags } = extractBracketTags(title);
+  if (bracketTags.length > 0) {
+    title = cleanTitle || title;
+    let existingTags = [];
+    if (defaults.tags) {
+      try {
+        existingTags = JSON.parse(defaults.tags);
+      } catch {
+      }
+    }
+    for (const tag of bracketTags) {
+      if (!existingTags.some((t) => t.toLowerCase() === tag.toLowerCase())) existingTags.push(tag);
+    }
+    defaults.tags = JSON.stringify(existingTags);
+  }
+  const ticket = await createTicket(title, defaults);
+  scheduleAllSync();
+  notifyChange();
+  return c.json(ticket, 201);
+});
+ticketRoutes.get("/tickets/:id", async (c) => {
+  const id = parseInt(c.req.param("id"), 10);
+  const ticket = await getTicket(id);
+  if (!ticket) return c.json({ error: "Not found" }, 404);
+  const attachments = await getAttachments(id);
+  const notes = parseNotes(ticket.notes);
+  return c.json({ ...ticket, notes: JSON.stringify(notes), attachments });
 });
-apiRoutes.patch("/settings", async (c) => {
+ticketRoutes.patch("/tickets/:id", async (c) => {
+  const id = parseInt(c.req.param("id"), 10);
   const body = await c.req.json();
-  for (const [key, value] of Object.entries(body)) {
-    await updateSetting(key, value);
-  }
+  const ticket = await updateTicket(id, body);
+  if (!ticket) return c.json({ error: "Not found" }, 404);
+  scheduleAllSync();
+  notifyChange();
+  return c.json(ticket);
+});
+ticketRoutes.delete("/tickets/:id", async (c) => {
+  const id = parseInt(c.req.param("id"), 10);
+  await deleteTicket(id);
+  scheduleAllSync();
+  notifyChange();
   return c.json({ ok: true });
 });
-apiRoutes.get("/file-settings", async (c) => {
-  const { readFileSettings: readFileSettings2 } = await Promise.resolve().then(() => (init_file_settings(), file_settings_exports));
-  const dataDir2 = c.get("dataDir");
-  return c.json(readFileSettings2(dataDir2));
+ticketRoutes.put("/tickets/:id/notes-bulk", async (c) => {
+  const id = parseInt(c.req.param("id"), 10);
+  const body = await c.req.json();
+  const db2 = await Promise.resolve().then(() => (init_connection(), connection_exports)).then((m) => m.getDb());
+  const result = await (await db2).query(
+    `UPDATE tickets SET notes = $1, updated_at = NOW() WHERE id = $2 RETURNING id`,
+    [body.notes, id]
+  );
+  if (result.rows.length === 0) return c.json({ error: "Not found" }, 404);
+  scheduleAllSync();
+  notifyChange();
+  return c.json({ ok: true });
 });
-apiRoutes.patch("/file-settings", async (c) => {
-  const { writeFileSettings: writeFileSettings2 } = await Promise.resolve().then(() => (init_file_settings(), file_settings_exports));
-  const dataDir2 = c.get("dataDir");
+ticketRoutes.patch("/tickets/:id/notes/:noteId", async (c) => {
+  const id = parseInt(c.req.param("id"), 10);
+  const noteId2 = c.req.param("noteId");
   const body = await c.req.json();
-  const updated = writeFileSettings2(dataDir2, body);
-  return c.json(updated);
+  const notes = await editNote(id, noteId2, body.text);
+  if (!notes) return c.json({ error: "Not found" }, 404);
+  scheduleAllSync();
+  notifyChange();
+  return c.json(notes);
 });
-apiRoutes.get("/worklist-info", (c) => {
-  const dataDir2 = c.get("dataDir");
-  const cwd = process.cwd();
-  const worklistRel = relative2(cwd, join9(dataDir2, "worklist.md"));
-  const prompt = `Read ${worklistRel} for current work items.`;
-  ensureSkills();
-  const skillCreated = consumeSkillsCreatedFlag();
-  return c.json({ prompt, skillCreated });
+ticketRoutes.delete("/tickets/:id/notes/:noteId", async (c) => {
+  const id = parseInt(c.req.param("id"), 10);
+  const noteId2 = c.req.param("noteId");
+  const notes = await deleteNote(id, noteId2);
+  if (!notes) return c.json({ error: "Not found" }, 404);
+  scheduleAllSync();
+  notifyChange();
+  return c.json(notes);
 });
-var glassboxAvailable = null;
-apiRoutes.get("/glassbox/status", async (c) => {
-  if (glassboxAvailable === null) {
-    const { execFileSync } = await import("child_process");
+ticketRoutes.delete("/tickets/:id/hard", async (c) => {
+  const id = parseInt(c.req.param("id"), 10);
+  const attachments = await getAttachments(id);
+  for (const att of attachments) {
     try {
-      execFileSync("which", ["glassbox"], { stdio: "ignore" });
-      glassboxAvailable = true;
+      rmSync6(att.stored_path, { force: true });
     } catch {
-      glassboxAvailable = false;
     }
   }
-  return c.json({ available: glassboxAvailable });
-});
-apiRoutes.post("/glassbox/launch", async (c) => {
-  if (!glassboxAvailable) return c.json({ error: "Glassbox not available" }, 404);
-  const { spawn } = await import("child_process");
-  spawn("glassbox", [], {
-    cwd: process.cwd(),
-    detached: true,
-    stdio: "ignore"
-  }).unref();
-  return c.json({ ok: true });
-});
-apiRoutes.get("/gitignore/status", async (c) => {
-  const { isGitRepo: isGitRepo2, isHotsheetGitignored: isHotsheetGitignored2 } = await Promise.resolve().then(() => (init_gitignore(), gitignore_exports));
-  const cwd = process.cwd();
-  if (!isGitRepo2(cwd)) return c.json({ inGitRepo: false, ignored: false });
-  return c.json({ inGitRepo: true, ignored: isHotsheetGitignored2(cwd) });
-});
-apiRoutes.post("/gitignore/add", async (c) => {
-  const { ensureGitignore: ensureGitignore2 } = await Promise.resolve().then(() => (init_gitignore(), gitignore_exports));
-  ensureGitignore2(process.cwd());
+  await hardDeleteTicket(id);
+  scheduleAllSync();
+  notifyChange();
   return c.json({ ok: true });
 });
-apiRoutes.get("/channel/claude-check", async (c) => {
-  const { execFileSync } = await import("child_process");
-  try {
-    const version = execFileSync("claude", ["--version"], { timeout: 5e3, encoding: "utf-8" }).trim();
-    const match = version.match(/(\d+\.\d+\.\d+)/);
-    const versionNum = match ? match[1] : null;
-    const parts = versionNum ? versionNum.split(".").map(Number) : [];
-    const meetsMinimum = parts.length === 3 && (parts[0] > 2 || parts[0] === 2 && parts[1] > 1 || parts[0] === 2 && parts[1] === 1 && parts[2] >= 80);
-    return c.json({ installed: true, version: versionNum, meetsMinimum });
-  } catch {
-    return c.json({ installed: false, version: null, meetsMinimum: false });
-  }
-});
-var channelDoneFlag = false;
-apiRoutes.get("/channel/status", async (c) => {
-  const { isChannelAlive: isChannelAlive2, getChannelPort: getChannelPort2 } = await Promise.resolve().then(() => (init_channel_config(), channel_config_exports));
-  const dataDir2 = c.get("dataDir");
-  const settings = await getSettings();
-  const enabled = settings.channel_enabled === "true";
-  const port2 = getChannelPort2(dataDir2);
-  const alive = enabled ? await isChannelAlive2(dataDir2) : false;
-  const done = channelDoneFlag;
-  if (done) channelDoneFlag = false;
-  return c.json({ enabled, alive, port: port2, done });
-});
-apiRoutes.post("/channel/trigger", async (c) => {
-  const { triggerChannel: triggerChannel2 } = await Promise.resolve().then(() => (init_channel_config(), channel_config_exports));
-  const dataDir2 = c.get("dataDir");
-  const serverPort = parseInt(new URL(c.req.url).port || "4174", 10);
-  const body = await c.req.json().catch(() => ({ message: void 0 }));
-  channelDoneFlag = false;
-  const ok = await triggerChannel2(dataDir2, serverPort, body.message);
-  return c.json({ ok });
-});
-apiRoutes.get("/channel/permission", async (c) => {
-  const { getChannelPort: getChannelPort2 } = await Promise.resolve().then(() => (init_channel_config(), channel_config_exports));
-  const dataDir2 = c.get("dataDir");
-  const port2 = getChannelPort2(dataDir2);
-  if (!port2) return c.json({ pending: null });
-  try {
-    const res = await fetch(`http://127.0.0.1:${port2}/permission`);
-    const data = await res.json();
-    return c.json(data);
-  } catch {
-    return c.json({ pending: null });
-  }
-});
-apiRoutes.post("/channel/permission/respond", async (c) => {
-  const { getChannelPort: getChannelPort2 } = await Promise.resolve().then(() => (init_channel_config(), channel_config_exports));
-  const dataDir2 = c.get("dataDir");
-  const port2 = getChannelPort2(dataDir2);
-  if (!port2) return c.json({ error: "Channel not available" }, 503);
+ticketRoutes.post("/tickets/batch", async (c) => {
   const body = await c.req.json();
-  try {
-    const res = await fetch(`http://127.0.0.1:${port2}/permission/respond`, {
-      method: "POST",
-      headers: { "Content-Type": "application/json" },
-      body: JSON.stringify(body)
-    });
-    return c.json(await res.json());
-  } catch {
-    return c.json({ error: "Failed to reach channel server" }, 503);
-  }
-});
-apiRoutes.post("/channel/permission/dismiss", async (c) => {
-  const { getChannelPort: getChannelPort2 } = await Promise.resolve().then(() => (init_channel_config(), channel_config_exports));
-  const dataDir2 = c.get("dataDir");
-  const port2 = getChannelPort2(dataDir2);
-  if (!port2) return c.json({ ok: true });
-  try {
-    await fetch(`http://127.0.0.1:${port2}/permission/dismiss`, { method: "POST" });
-  } catch {
+  switch (body.action) {
+    case "delete":
+      await batchDeleteTickets(body.ids);
+      break;
+    case "restore":
+      await batchRestoreTickets(body.ids);
+      break;
+    case "category":
+      await batchUpdateTickets(body.ids, { category: body.value });
+      break;
+    case "priority":
+      await batchUpdateTickets(body.ids, { priority: body.value });
+      break;
+    case "status":
+      await batchUpdateTickets(body.ids, { status: body.value });
+      break;
+    case "up_next":
+      await batchUpdateTickets(body.ids, { up_next: body.value });
+      break;
   }
+  scheduleAllSync();
+  notifyChange();
   return c.json({ ok: true });
 });
-apiRoutes.post("/channel/done", async (_c) => {
-  channelDoneFlag = true;
+ticketRoutes.post("/tickets/duplicate", async (c) => {
+  const body = await c.req.json();
+  const created = await duplicateTickets(body.ids);
+  scheduleAllSync();
   notifyChange();
-  return _c.json({ ok: true });
+  return c.json(created, 201);
 });
-apiRoutes.post("/channel/enable", async (c) => {
-  const { registerChannel: registerChannel2 } = await Promise.resolve().then(() => (init_channel_config(), channel_config_exports));
-  const dataDir2 = c.get("dataDir");
-  await updateSetting("channel_enabled", "true");
-  registerChannel2(dataDir2);
+ticketRoutes.post("/tickets/:id/restore", async (c) => {
+  const id = parseInt(c.req.param("id"), 10);
+  const ticket = await restoreTicket(id);
+  if (!ticket) return c.json({ error: "Not found" }, 404);
+  scheduleAllSync();
   notifyChange();
-  return c.json({ ok: true });
+  return c.json(ticket);
 });
-apiRoutes.post("/channel/disable", async (c) => {
-  const { unregisterChannel: unregisterChannel2 } = await Promise.resolve().then(() => (init_channel_config(), channel_config_exports));
-  await updateSetting("channel_enabled", "false");
-  unregisterChannel2();
+ticketRoutes.post("/trash/empty", async (c) => {
+  const deleted = await getTickets({ status: "deleted" });
+  for (const ticket of deleted) {
+    const attachments = await getAttachments(ticket.id);
+    for (const att of attachments) {
+      try {
+        rmSync6(att.stored_path, { force: true });
+      } catch {
+      }
+    }
+  }
+  await emptyTrash();
+  scheduleAllSync();
   notifyChange();
   return c.json({ ok: true });
 });
-apiRoutes.post("/print", async (c) => {
-  const { html } = await c.req.json();
-  const { writeFileSync: writeFileSync8 } = await import("fs");
-  const { tmpdir: tmpdir2 } = await import("os");
-  const { join: pathJoin } = await import("path");
-  const { execFile } = await import("child_process");
-  const tmpPath = pathJoin(tmpdir2(), `hotsheet-print-${Date.now()}.html`);
-  writeFileSync8(tmpPath, html, "utf-8");
-  const platform = process.platform;
-  if (platform === "darwin") {
-    execFile("open", [tmpPath]);
-  } else if (platform === "win32") {
-    execFile("start", ["", tmpPath], { shell: true });
-  } else {
-    execFile("xdg-open", [tmpPath]);
-  }
-  return c.json({ ok: true, path: tmpPath });
+ticketRoutes.post("/tickets/:id/up-next", async (c) => {
+  const id = parseInt(c.req.param("id"), 10);
+  const ticket = await toggleUpNext(id);
+  if (!ticket) return c.json({ error: "Not found" }, 404);
+  scheduleAllSync();
+  notifyChange();
+  return c.json(ticket);
+});
+ticketRoutes.post("/tickets/query", async (c) => {
+  const body = await c.req.json();
+  const tickets = await queryTickets(body.logic, body.conditions, body.sort_by, body.sort_dir, body.required_tag);
+  return c.json(tickets);
 });
 
+// src/routes/api.ts
+var apiRoutes = new Hono6();
+apiRoutes.route("/", ticketRoutes);
+apiRoutes.route("/", attachmentRoutes);
+apiRoutes.route("/", channelRoutes);
+apiRoutes.route("/", settingsRoutes);
+apiRoutes.route("/", dashboardRoutes);
+
 // src/routes/backups.ts
-import { Hono as Hono2 } from "hono";
-var backupRoutes = new Hono2();
+import { Hono as Hono7 } from "hono";
+var backupRoutes = new Hono7();
 backupRoutes.get("/", (c) => {
   const dataDir2 = c.get("dataDir");
   const backups = listBackups(dataDir2);
@@ -3430,7 +3507,7 @@ backupRoutes.post("/restore", async (c) => {
 });
 
 // src/routes/pages.tsx
-import { Hono as Hono3 } from "hono";
+import { Hono as Hono8 } from "hono";
 
 // src/utils/escapeHtml.ts
 function escapeHtml(str) {
@@ -3625,7 +3702,7 @@ function Layout({ title, children }) {
 }
 
 // src/routes/pages.tsx
-var pageRoutes = new Hono3();
+var pageRoutes = new Hono8();
 pageRoutes.get("/", (c) => {
   const html = /* @__PURE__ */ jsx(Layout, { title: "Hot Sheet", children: [
     /* @__PURE__ */ jsx("div", { className: "app", children: [
@@ -3727,17 +3804,66 @@ pageRoutes.get("/", (c) => {
                 /* @__PURE__ */ jsx("path", { d: "M12 8v8" })
               ] }) })
             ] }),
-            /* @__PURE__ */ jsx("button", { className: "sidebar-item active", "data-view": "all", children: "All Tickets" }),
-            /* @__PURE__ */ jsx("button", { className: "sidebar-item", "data-view": "non-verified", children: "Non-Verified" }),
-            /* @__PURE__ */ jsx("button", { className: "sidebar-item", "data-view": "up-next", children: "Up Next" }),
-            /* @__PURE__ */ jsx("button", { className: "sidebar-item", "data-view": "open", children: "Open" }),
-            /* @__PURE__ */ jsx("button", { className: "sidebar-item", "data-view": "completed", children: "Completed" }),
-            /* @__PURE__ */ jsx("button", { className: "sidebar-item", "data-view": "verified", children: "Verified" }),
+            /* @__PURE__ */ jsx("button", { className: "sidebar-item active", "data-view": "all", children: [
+              /* @__PURE__ */ jsx("span", { className: "sidebar-icon", children: /* @__PURE__ */ jsx("svg", { xmlns: "http://www.w3.org/2000/svg", width: "14", height: "14", viewBox: "0 0 24 24", fill: "none", stroke: "currentColor", strokeWidth: "2", strokeLinecap: "round", strokeLinejoin: "round", children: [
+                /* @__PURE__ */ jsx("path", { d: "M3 12h18" }),
+                /* @__PURE__ */ jsx("path", { d: "M3 6h18" }),
+                /* @__PURE__ */ jsx("path", { d: "M3 18h18" })
+              ] }) }),
+              " All Tickets"
+            ] }),
+            /* @__PURE__ */ jsx("button", { className: "sidebar-item", "data-view": "non-verified", children: [
+              /* @__PURE__ */ jsx("span", { className: "sidebar-icon", children: "\u25D4" }),
+              " Non-Verified"
+            ] }),
+            /* @__PURE__ */ jsx("button", { className: "sidebar-item", "data-view": "up-next", children: [
+              /* @__PURE__ */ jsx("span", { className: "sidebar-icon", children: "\u2605" }),
+              " Up Next"
+            ] }),
+            /* @__PURE__ */ jsx("button", { className: "sidebar-item", "data-view": "open", children: [
+              /* @__PURE__ */ jsx("span", { className: "sidebar-icon", children: "\u25CB" }),
+              " Open"
+            ] }),
+            /* @__PURE__ */ jsx("button", { className: "sidebar-item", "data-view": "completed", children: [
+              /* @__PURE__ */ jsx("span", { className: "sidebar-icon", children: "\u2713" }),
+              " Completed"
+            ] }),
+            /* @__PURE__ */ jsx("button", { className: "sidebar-item", "data-view": "verified", children: [
+              /* @__PURE__ */ jsx("span", { className: "sidebar-icon", children: /* @__PURE__ */ jsx("svg", { xmlns: "http://www.w3.org/2000/svg", width: "14", height: "14", viewBox: "0 0 24 24", fill: "none", stroke: "currentColor", strokeWidth: "2", strokeLinecap: "round", strokeLinejoin: "round", children: [
+                /* @__PURE__ */ jsx("path", { d: "M18 6 7 17l-5-5" }),
+                /* @__PURE__ */ jsx("path", { d: "m22 10-7.5 7.5L13 16" })
+              ] }) }),
+              " Verified"
+            ] }),
             /* @__PURE__ */ jsx("div", { id: "custom-views-container" }),
             /* @__PURE__ */ jsx("div", { className: "sidebar-divider" }),
-            /* @__PURE__ */ jsx("button", { className: "sidebar-item", "data-view": "backlog", children: "Backlog" }),
-            /* @__PURE__ */ jsx("button", { className: "sidebar-item", "data-view": "archive", children: "Archive" }),
-            /* @__PURE__ */ jsx("button", { className: "sidebar-item", "data-view": "trash", children: "Trash" })
+            /* @__PURE__ */ jsx("button", { className: "sidebar-item", "data-view": "backlog", children: [
+              /* @__PURE__ */ jsx("span", { className: "sidebar-icon", children: /* @__PURE__ */ jsx("svg", { xmlns: "http://www.w3.org/2000/svg", width: "14", height: "14", viewBox: "0 0 24 24", fill: "none", stroke: "currentColor", strokeWidth: "2", strokeLinecap: "round", strokeLinejoin: "round", children: [
+                /* @__PURE__ */ jsx("rect", { width: "18", height: "18", x: "3", y: "4", rx: "2" }),
+                /* @__PURE__ */ jsx("path", { d: "M16 2v4" }),
+                /* @__PURE__ */ jsx("path", { d: "M8 2v4" }),
+                /* @__PURE__ */ jsx("path", { d: "M3 10h18" })
+              ] }) }),
+              " Backlog"
+            ] }),
+            /* @__PURE__ */ jsx("button", { className: "sidebar-item", "data-view": "archive", children: [
+              /* @__PURE__ */ jsx("span", { className: "sidebar-icon", children: /* @__PURE__ */ jsx("svg", { xmlns: "http://www.w3.org/2000/svg", width: "14", height: "14", viewBox: "0 0 24 24", fill: "none", stroke: "currentColor", strokeWidth: "2", strokeLinecap: "round", strokeLinejoin: "round", children: [
+                /* @__PURE__ */ jsx("rect", { width: "20", height: "5", x: "2", y: "3", rx: "1" }),
+                /* @__PURE__ */ jsx("path", { d: "M4 8v11a2 2 0 0 0 2 2h12a2 2 0 0 0 2-2V8" }),
+                /* @__PURE__ */ jsx("path", { d: "M10 12h4" })
+              ] }) }),
+              " Archive"
+            ] }),
+            /* @__PURE__ */ jsx("button", { className: "sidebar-item", "data-view": "trash", children: [
+              /* @__PURE__ */ jsx("span", { className: "sidebar-icon", children: /* @__PURE__ */ jsx("svg", { xmlns: "http://www.w3.org/2000/svg", width: "14", height: "14", viewBox: "0 0 24 24", fill: "none", stroke: "currentColor", strokeWidth: "2", strokeLinecap: "round", strokeLinejoin: "round", children: [
+                /* @__PURE__ */ jsx("path", { d: "M3 6h18" }),
+                /* @__PURE__ */ jsx("path", { d: "M19 6v14c0 1-1 2-2 2H7c-1 0-2-1-2-2V6" }),
+                /* @__PURE__ */ jsx("path", { d: "M8 6V4c0-1 1-2 2-2h4c1 0 2 1 2 2v2" }),
+                /* @__PURE__ */ jsx("line", { x1: "10", x2: "10", y1: "11", y2: "17" }),
+                /* @__PURE__ */ jsx("line", { x1: "14", x2: "14", y1: "11", y2: "17" })
+              ] }) }),
+              " Trash"
+            ] })
           ] }),
           /* @__PURE__ */ jsx("div", { className: "sidebar-section", id: "sidebar-categories", children: [
             /* @__PURE__ */ jsx("div", { className: "sidebar-label", children: "Category" }),
@@ -3768,11 +3894,35 @@ pageRoutes.get("/", (c) => {
           ] }),
           /* @__PURE__ */ jsx("div", { className: "sidebar-section", children: [
             /* @__PURE__ */ jsx("div", { className: "sidebar-label", children: "Priority" }),
-            /* @__PURE__ */ jsx("button", { className: "sidebar-item", "data-view": "priority:highest", children: "Highest" }),
-            /* @__PURE__ */ jsx("button", { className: "sidebar-item", "data-view": "priority:high", children: "High" }),
-            /* @__PURE__ */ jsx("button", { className: "sidebar-item", "data-view": "priority:default", children: "Default" }),
-            /* @__PURE__ */ jsx("button", { className: "sidebar-item", "data-view": "priority:low", children: "Low" }),
-            /* @__PURE__ */ jsx("button", { className: "sidebar-item", "data-view": "priority:lowest", children: "Lowest" })
+            /* @__PURE__ */ jsx("button", { className: "sidebar-item", "data-view": "priority:highest", children: [
+              /* @__PURE__ */ jsx("span", { className: "sidebar-icon", style: "color:#ef4444", children: /* @__PURE__ */ jsx("svg", { xmlns: "http://www.w3.org/2000/svg", width: "14", height: "14", viewBox: "0 0 24 24", fill: "none", stroke: "currentColor", strokeWidth: "2", strokeLinecap: "round", strokeLinejoin: "round", children: [
+                /* @__PURE__ */ jsx("path", { d: "m7 11 5-5 5 5" }),
+                /* @__PURE__ */ jsx("path", { d: "m7 17 5-5 5 5" })
+              ] }) }),
+              " Highest"
+            ] }),
+            /* @__PURE__ */ jsx("button", { className: "sidebar-item", "data-view": "priority:high", children: [
+              /* @__PURE__ */ jsx("span", { className: "sidebar-icon", style: "color:#f97316", children: /* @__PURE__ */ jsx("svg", { xmlns: "http://www.w3.org/2000/svg", width: "14", height: "14", viewBox: "0 0 24 24", fill: "none", stroke: "currentColor", strokeWidth: "2", strokeLinecap: "round", strokeLinejoin: "round", children: /* @__PURE__ */ jsx("path", { d: "m18 15-6-6-6 6" }) }) }),
+              " High"
+            ] }),
+            /* @__PURE__ */ jsx("button", { className: "sidebar-item", "data-view": "priority:default", children: [
+              /* @__PURE__ */ jsx("span", { className: "sidebar-icon", style: "color:#6b7280", children: /* @__PURE__ */ jsx("svg", { xmlns: "http://www.w3.org/2000/svg", width: "14", height: "14", viewBox: "0 0 24 24", fill: "none", stroke: "currentColor", strokeWidth: "2", strokeLinecap: "round", strokeLinejoin: "round", children: [
+                /* @__PURE__ */ jsx("path", { d: "m7 15 5 5 5-5" }),
+                /* @__PURE__ */ jsx("path", { d: "m7 9 5-5 5 5" })
+              ] }) }),
+              " Default"
+            ] }),
+            /* @__PURE__ */ jsx("button", { className: "sidebar-item", "data-view": "priority:low", children: [
+              /* @__PURE__ */ jsx("span", { className: "sidebar-icon", style: "color:#3b82f6", children: /* @__PURE__ */ jsx("svg", { xmlns: "http://www.w3.org/2000/svg", width: "14", height: "14", viewBox: "0 0 24 24", fill: "none", stroke: "currentColor", strokeWidth: "2", strokeLinecap: "round", strokeLinejoin: "round", children: /* @__PURE__ */ jsx("path", { d: "m6 9 6 6 6-6" }) }) }),
+              " Low"
+            ] }),
+            /* @__PURE__ */ jsx("button", { className: "sidebar-item", "data-view": "priority:lowest", children: [
+              /* @__PURE__ */ jsx("span", { className: "sidebar-icon", style: "color:#94a3b8", children: /* @__PURE__ */ jsx("svg", { xmlns: "http://www.w3.org/2000/svg", width: "14", height: "14", viewBox: "0 0 24 24", fill: "none", stroke: "currentColor", strokeWidth: "2", strokeLinecap: "round", strokeLinejoin: "round", children: [
+                /* @__PURE__ */ jsx("path", { d: "m7 7 5 5 5-5" }),
+                /* @__PURE__ */ jsx("path", { d: "m7 13 5 5 5-5" })
+              ] }) }),
+              " Lowest"
+            ] })
           ] }),
           /* @__PURE__ */ jsx("div", { className: "sidebar-stats", id: "stats-bar" })
         ] }),
@@ -3979,6 +4129,13 @@ pageRoutes.get("/", (c) => {
             /* @__PURE__ */ jsx("label", { children: "Auto-clear verified after (days)" }),
             /* @__PURE__ */ jsx("input", { type: "number", id: "settings-verified-days", min: "1", value: "30" })
           ] }),
+          /* @__PURE__ */ jsx("div", { className: "settings-field settings-field-checkbox", children: [
+            /* @__PURE__ */ jsx("label", { children: [
+              /* @__PURE__ */ jsx("input", { type: "checkbox", id: "settings-auto-order", checked: true }),
+              " Auto-prioritize tickets"
+            ] }),
+            /* @__PURE__ */ jsx("span", { className: "settings-hint", children: "When no Up Next items exist, the AI will evaluate open tickets and choose what to work on next." })
+          ] }),
           /* @__PURE__ */ jsx("div", { className: "settings-field", children: [
             /* @__PURE__ */ jsx("label", { children: "When Claude needs permission" }),
             /* @__PURE__ */ jsx("select", { id: "settings-notify-permission", children: [
@@ -4072,10 +4229,10 @@ pageRoutes.get("/", (c) => {
 
 // src/server.ts
 function tryServe(fetch2, port2) {
-  return new Promise((resolve4, reject) => {
+  return new Promise((resolve5, reject) => {
     const server = serve({ fetch: fetch2, port: port2 });
     server.on("listening", () => {
-      resolve4(port2);
+      resolve5(port2);
     });
     server.on("error", (err) => {
       reject(err);
@@ -4083,24 +4240,24 @@ function tryServe(fetch2, port2) {
   });
 }
 async function startServer(port2, dataDir2, options) {
-  const app = new Hono4();
+  const app = new Hono9();
   app.use("*", async (c, next) => {
     c.set("dataDir", dataDir2);
     await next();
   });
   const selfDir = dirname2(fileURLToPath2(import.meta.url));
-  const distDir = existsSync8(join10(selfDir, "client", "styles.css")) ? join10(selfDir, "client") : join10(selfDir, "..", "dist", "client");
+  const distDir = existsSync8(join11(selfDir, "client", "styles.css")) ? join11(selfDir, "client") : join11(selfDir, "..", "dist", "client");
   app.get("/static/styles.css", (c) => {
-    const css = readFileSync7(join10(distDir, "styles.css"), "utf-8");
+    const css = readFileSync7(join11(distDir, "styles.css"), "utf-8");
     return c.text(css, 200, { "Content-Type": "text/css", "Cache-Control": "no-cache" });
   });
   app.get("/static/app.js", (c) => {
-    const js = readFileSync7(join10(distDir, "app.global.js"), "utf-8");
+    const js = readFileSync7(join11(distDir, "app.global.js"), "utf-8");
     return c.text(js, 200, { "Content-Type": "application/javascript", "Cache-Control": "no-cache" });
   });
   app.get("/static/assets/:filename", (c) => {
     const filename = c.req.param("filename");
-    const filePath = join10(distDir, "assets", filename);
+    const filePath = join11(distDir, "assets", filename);
     if (!existsSync8(filePath)) return c.notFound();
     const content = readFileSync7(filePath);
     const ext = filename.split(".").pop();
@@ -4127,8 +4284,9 @@ async function startServer(port2, dataDir2, options) {
     } else if (isMutation) {
       const origin = c.req.header("Origin");
       const referer = c.req.header("Referer");
-      const isBrowser = !!(origin || referer);
-      if (!isBrowser) {
+      const localhostPattern = /^https?:\/\/(localhost|127\.0\.0\.1)(:\d+)?(\/|$)/;
+      const isSameOrigin = origin && localhostPattern.test(origin) || referer && localhostPattern.test(referer);
+      if (!isSameOrigin) {
         return c.json({
           error: "Missing X-Hotsheet-Secret header. Read .hotsheet/settings.json for the correct port and secret.",
           recovery: "Re-read .hotsheet/settings.json to get the correct port and secret, and re-read your skill files for updated instructions."
@@ -4179,15 +4337,15 @@ async function startServer(port2, dataDir2, options) {
 import { existsSync as existsSync9, mkdirSync as mkdirSync5, readFileSync as readFileSync8, writeFileSync as writeFileSync7 } from "fs";
 import { get } from "https";
 import { homedir } from "os";
-import { dirname as dirname3, join as join11 } from "path";
+import { dirname as dirname3, join as join12 } from "path";
 import { fileURLToPath as fileURLToPath3 } from "url";
-var DATA_DIR = join11(homedir(), ".hotsheet");
-var CHECK_FILE = join11(DATA_DIR, "last-update-check");
+var DATA_DIR = join12(homedir(), ".hotsheet");
+var CHECK_FILE = join12(DATA_DIR, "last-update-check");
 var PACKAGE_NAME = "hotsheet";
 function getCurrentVersion() {
   try {
     const dir = dirname3(fileURLToPath3(import.meta.url));
-    const pkg = JSON.parse(readFileSync8(join11(dir, "..", "package.json"), "utf-8"));
+    const pkg = JSON.parse(readFileSync8(join12(dir, "..", "package.json"), "utf-8"));
     return pkg.version;
   } catch {
     return "0.0.0";
@@ -4213,10 +4371,10 @@ function isFirstUseToday() {
   return last !== today;
 }
 function fetchLatestVersion() {
-  return new Promise((resolve4) => {
+  return new Promise((resolve5) => {
     const req = get(`https://registry.npmjs.org/${PACKAGE_NAME}/latest`, { timeout: 5e3 }, (res) => {
       if (res.statusCode !== 200) {
-        resolve4(null);
+        resolve5(null);
         return;
       }
       let data = "";
@@ -4225,18 +4383,18 @@ function fetchLatestVersion() {
       });
       res.on("end", () => {
         try {
-          resolve4(JSON.parse(data).version);
+          resolve5(JSON.parse(data).version);
         } catch {
-          resolve4(null);
+          resolve5(null);
         }
       });
     });
     req.on("error", () => {
-      resolve4(null);
+      resolve5(null);
     });
     req.on("timeout", () => {
       req.destroy();
-      resolve4(null);
+      resolve5(null);
     });
   });
 }
@@ -4309,7 +4467,7 @@ Examples:
 function parseArgs(argv) {
   const args = argv.slice(2);
   let port2 = 4174;
-  let dataDir2 = join12(process.cwd(), ".hotsheet");
+  let dataDir2 = join13(process.cwd(), ".hotsheet");
   let demo = null;
   let forceUpdateCheck = false;
   let noOpen = false;
@@ -4338,7 +4496,7 @@ function parseArgs(argv) {
         }
         break;
       case "--data-dir":
-        dataDir2 = resolve3(args[++i]);
+        dataDir2 = resolve4(args[++i]);
         break;
       case "--check-for-updates":
         forceUpdateCheck = true;
@@ -4376,7 +4534,7 @@ async function main() {
       }
       process.exit(1);
     }
-    dataDir2 = join12(tmpdir(), `hotsheet-demo-${demo}-${Date.now()}`);
+    dataDir2 = join13(tmpdir(), `hotsheet-demo-${demo}-${Date.now()}`);
     console.log(`
   DEMO MODE: ${scenario.label}
 `);