jamdesk 1.0.13 → 1.0.14

package/dist/lib/tarball.js

@@ -0,0 +1,117 @@
+/**
+ * Tarball utility — package docs directory for CLI deploy.
+ *
+ * Creates a gzipped tarball of the docs directory, respecting .gitignore
+ * and excluding sensitive files. Used by the deploy command.
+ */
+import { create } from 'tar';
+import ignore from 'ignore';
+import fs from 'fs/promises';
+import path from 'path';
+import { CLIError } from './errors.js';
+const MAX_SIZE_BYTES = 100 * 1024 * 1024; // 100 MB
+/** Patterns always excluded from the tarball, regardless of .gitignore. */
+const ALWAYS_EXCLUDED = [
+    '.git',
+    'node_modules',
+    '.next',
+    '.env',
+    '.env.*',
+    '*.pem',
+    '*.key',
+    'credentials.json',
+    '.gcloud',
+    '.DS_Store',
+    'Thumbs.db',
+];
+/** Filenames that suggest secrets — warn user but don't block. */
+const SECRET_PATTERNS = [
+    /^\.env$/,
+    /^\.env\..+$/,
+    /\.pem$/,
+    /\.key$/,
+    /^credentials\.json$/,
+    /^service[_-]?account.*\.json$/i,
+    /^secret/i,
+];
+export function getExcludedPatterns() {
+    return [...ALWAYS_EXCLUDED];
+}
+/**
+ * Scan file list for suspicious filenames that may contain secrets.
+ * Returns filenames that match secret patterns (for user warning).
+ */
+export function checkForSecrets(files) {
+    return files.filter((file) => {
+        const basename = path.basename(file);
+        return SECRET_PATTERNS.some((p) => p.test(basename));
+    });
+}
+/**
+ * Collect files to include in the tarball.
+ * Applies .gitignore rules and always-excluded patterns.
+ */
+export async function collectFiles(dir) {
+    const ig = ignore().add(ALWAYS_EXCLUDED);
+    // Parse .gitignore if present
+    try {
+        const gitignoreContent = await fs.readFile(path.join(dir, '.gitignore'), 'utf-8');
+        ig.add(gitignoreContent);
+    }
+    catch {
+        // No .gitignore — that's fine
+    }
+    const files = [];
+    async function walk(currentDir) {
+        const entries = await fs.readdir(currentDir, { withFileTypes: true });
+        for (const entry of entries) {
+            const fullPath = path.join(currentDir, entry.name);
+            const relativePath = path.relative(dir, fullPath);
+            // Use forward slashes for ignore matching (cross-platform)
+            const posixPath = relativePath.split(path.sep).join('/');
+            if (ig.ignores(posixPath))
+                continue;
+            if (entry.isDirectory()) {
+                // Check directory itself before recursing
+                if (ig.ignores(posixPath + '/'))
+                    continue;
+                await walk(fullPath);
+            }
+            else if (entry.isFile()) {
+                files.push(relativePath);
+            }
+            // Skip symlinks and other special entries
+        }
+    }
+    await walk(dir);
+    return files.sort();
+}
+/**
+ * Create a gzipped tarball of the docs directory.
+ * Respects .gitignore and excludes sensitive files.
+ */
+export async function createTarball(dir) {
+    const files = await collectFiles(dir);
+    if (files.length === 0) {
+        throw new CLIError('No files to deploy.', 'EMPTY_PROJECT', 1, 'Make sure you are in a Jamdesk project directory with docs.json and MDX files.');
+    }
+    const chunks = [];
+    let totalSize = 0;
+    const stream = create({ gzip: true, cwd: dir }, files);
+    for await (const chunk of stream) {
+        const buf = Buffer.from(chunk);
+        totalSize += buf.length;
+        if (totalSize > MAX_SIZE_BYTES) {
+            const sizeMB = (totalSize / (1024 * 1024)).toFixed(1);
+            throw new CLIError(`Project too large (>${sizeMB} MB). Maximum upload size is 100 MB.`, 'PROJECT_TOO_LARGE', 1, 'Exclude large files via .gitignore or remove unnecessary assets.');
+        }
+        chunks.push(buf);
+    }
+    const buffer = Buffer.concat(chunks);
+    return {
+        buffer,
+        fileCount: files.length,
+        size: buffer.length,
+    };
+}
+//# sourceMappingURL=tarball.js.map

package/dist/lib/tarball.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"tarball.js","sourceRoot":"","sources":["../../src/lib/tarball.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,KAAK,CAAC;AAC7B,OAAO,MAAM,MAAM,QAAQ,CAAC;AAC5B,OAAO,EAAE,MAAM,aAAa,CAAC;AAC7B,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AAEvC,MAAM,cAAc,GAAG,GAAG,GAAG,IAAI,GAAG,IAAI,CAAC,CAAC,SAAS;AAEnD,2EAA2E;AAC3E,MAAM,eAAe,GAAG;IACtB,MAAM;IACN,cAAc;IACd,OAAO;IACP,MAAM;IACN,QAAQ;IACR,OAAO;IACP,OAAO;IACP,kBAAkB;IAClB,SAAS;IACT,WAAW;IACX,WAAW;CACZ,CAAC;AAEF,kEAAkE;AAClE,MAAM,eAAe,GAAG;IACtB,SAAS;IACT,aAAa;IACb,QAAQ;IACR,QAAQ;IACR,qBAAqB;IACrB,gCAAgC;IAChC,UAAU;CACX,CAAC;AAEF,MAAM,UAAU,mBAAmB;IACjC,OAAO,CAAC,GAAG,eAAe,CAAC,CAAC;AAC9B,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,eAAe,CAAC,KAAe;IAC7C,OAAO,KAAK,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE;QAC3B,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QACrC,OAAO,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;IACvD,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,GAAW;IAC5C,MAAM,EAAE,GAAG,MAAM,EAAE,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;IAEzC,8BAA8B;IAC9B,IAAI,CAAC;QACH,MAAM,gBAAgB,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,YAAY,CAAC,EAAE,OAAO,CAAC,CAAC;QAClF,EAAE,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;IAC3B,CAAC;IAAC,MAAM,CAAC;QACP,8BAA8B;IAChC,CAAC;IAED,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,KAAK,UAAU,IAAI,CAAC,UAAkB;QACpC,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;QAEtE,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;YACnD,MAAM,YAAY,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;YAClD,2DAA2D;YAC3D,MAAM,SAAS,GAAG,YAAY,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YAEzD,IAAI,EAAE,CAAC,OAAO,CAAC,SAAS,CAAC;gBAAE,SAAS;YAEpC,IAAI,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;gBACxB,0CAA0C;gBAC1C,IAAI,EAAE,CAAC,OAAO,CAAC,SAAS,GAAG,GAAG,CAAC;oBAAE,SAAS;gBAC1C,MAAM,IAAI,CAAC,QAAQ,CAAC,CAAC;YACvB,CAAC;iBAAM,IAAI,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC;gBAC1B,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;YAC3B,CAAC;YACD,0CAA0C;QAC5C,CAAC;IACH,CAAC;IAED,MAAM,IAAI,CAAC,GAAG,CAAC,CAAC;IAChB,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC;AACtB,CAAC;AAQD;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,GAAW;IAC7C,MAAM,KAAK,GAAG,MAAM,YAAY,CAAC,GAAG,CAAC,CAAC;IAEtC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,MAAM,IAAI,QAAQ,CAChB,qBAAqB,EACrB,eAAe,EACf,CAAC,EACD,gFAAgF,CACjF,CAAC;IACJ,CAAC;IAED,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,IAAI,SAAS,GAAG,CAAC,CAAC;IAElB,MAAM,MAAM,GAAG,MAAM,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE,KAAK,CAAC,CAAC;IAEvD,IAAI,KAAK,EAAE,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QACjC,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,KAAmB,CAAC,CAAC;QAC7C,SAAS,IAAI,GAAG,CAAC,MAAM,CAAC;QACxB,IAAI,SAAS,GAAG,cAAc,EAAE,CAAC;YAC/B,MAAM,MAAM,GAAG,CAAC,SAAS,GAAG,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;YACtD,MAAM,IAAI,QAAQ,CAChB,uBAAuB,MAAM,sCAAsC,EACnE,mBAAmB,EACnB,CAAC,EACD,kEAAkE,CACnE,CAAC;QACJ,CAAC;QACD,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACnB,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAErC,OAAO;QACL,MAAM;QACN,SAAS,EAAE,KAAK,CAAC,MAAM;QACvB,IAAI,EAAE,MAAM,CAAC,MAAM;KACpB,CAAC;AACJ,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "jamdesk",
-  "version": "1.0.13",
+  "version": "1.0.14",
   "description": "CLI for Jamdesk — build, preview, and deploy documentation sites from MDX. Dev server with hot reload, 50+ components, OpenAPI support, AI search, and Mintlify migration",
   "keywords": [
     "jamdesk",
@@ -101,8 +101,11 @@
     "fs-extra": "^11.2.0",
     "glob": "^13.0.6",
     "gray-matter": "^4.0.3",
+    "ignore": "^7.0.5",
     "json5": "^2.2.3",
-    "ora": "^9.3.0"
+    "open": "^11.0.0",
+    "ora": "^9.3.0",
+    "tar": "^7.5.9"
   },
   "devDependencies": {
     "@mdx-js/mdx": "^3.1.1",

package/vendored/app/[[...slug]]/page.tsx

@@ -22,6 +22,7 @@ export const dynamicParams = true; // Allow paths not in generateStaticParams
 import { MDXComponents } from '@/components/mdx/MDXComponents';
 import { Breadcrumb } from '@/components/navigation/Breadcrumb';
 import { TableOfContents } from '@/components/navigation/TableOfContents';
+import { PageColumns } from '@/components/layout/PageColumns';
 import { PageNavigation } from '@/components/navigation/PageNavigation';
 import { SocialFooter } from '@/components/navigation/SocialFooter';
 import { ApiPageWrapper } from '@/components/mdx/ApiPage';
@@ -690,26 +691,11 @@ export default async function DocPage({ params }: PageProps) {
     return <PanelWrapper>{articleContent}</PanelWrapper>;
   }
 
-  // Non-API pages: standard layout with Table of Contents
-  // Three-column layout: sidebar (from LayoutWrapper) | content (scrollable) | TOC (scrollable)
+  // Non-API pages: standard layout with Table of Contents (or inline chat)
+  // PageColumns handles TOC ↔ chat column switching on xl+ screens
   return (
-    <div className="flex h-full">
-      {/* Content column - scrolls independently, scrollbar appears to left of TOC */}
-      <div
-        id="content-scroll-container"
-        className="flex-1 min-w-0 lg:overflow-y-auto lg:h-full content-scroll"
-      >
-        {articleContent}
-      </div>
-
-      {/* Table of Contents - hidden when mode: "wide" is set in frontmatter */}
-      {!isWideMode && (
-        <aside className="hidden xl:block w-72 flex-shrink-0 xl:h-full xl:overflow-y-auto toc-scroll xl:ml-0.5 pr-2">
-          <div className="py-6 sm:py-10 pr-4">
-            <TableOfContents content={content} />
-          </div>
-        </aside>
-      )}
-    </div>
+    <PageColumns toc={<TableOfContents content={content} />} isWideMode={isWideMode}>
+      {articleContent}
+    </PageColumns>
   );
 }

package/vendored/app/api/chat/[project]/route.ts

@@ -0,0 +1,323 @@
+/**
+ * Chat API Route for AI Documentation Q&A
+ *
+ * Handles POST requests for AI-powered documentation chat. Uses Upstash Vector
+ * for RAG context retrieval and Claude Haiku 4.5 for streaming responses.
+ *
+ * Features:
+ * - SSE streaming (text chunks → clarification options → filtered citations → done)
+ * - Post-response citation filtering: only includes pages Claude actually referenced
+ * - Redis rate limiting (persistent across cold starts)
+ * - Conversation history support (capped at 10 messages)
+ *
+ * Security: No CORS headers — this endpoint is same-origin only.
+ * The docs site calls /_chat which middleware rewrites to /api/chat/{project}
+ * on the same origin. Cross-origin requests from other sites are blocked
+ * by the browser's same-origin policy.
+ *
+ * Usage:
+ *   POST https://acme.jamdesk.app/_chat
+ *   Content-Type: application/json
+ *   {"message": "How do I authenticate?", "history": []}
+ */
+import { NextRequest } from 'next/server';
+import { querySimilarChunks } from '@/lib/vector-store';
+import { buildSystemPrompt } from '@/lib/chat-prompt';
+import { getDocsPath, getBaseUrl, trackChatAnalytics } from '@/lib/route-helpers';
+import { getAnthropicClient } from '@/lib/anthropic-client';
+import { redis } from '@/lib/redis';
+
+export const runtime = 'nodejs';
+export const maxDuration = 30;
+
+const CHAT_MODEL = 'claude-haiku-4-5-20251001';
+const RATE_LIMIT = 10;
+const RATE_WINDOW_SECONDS = 60;
+const MAX_HISTORY = 10;
+const VALID_ROLES = new Set<string>(['user', 'assistant']);
+
+/**
+ * Extract citations from Claude's response by matching [Title] references
+ * against the vector search chunks. Deduplicates by page slug.
+ * Falls back to top 2 unique pages by score if Claude didn't cite anything.
+ */
+type Citation = { title: string; slug: string; section?: string };
+type ScoredChunk = { pageSlug: string; pageTitle: string; sectionHeading: string; score: number };
+
+function extractCitations(
+  responseText: string,
+  chunks: ScoredChunk[],
+): { sources: Citation[]; hadExplicitCitations: boolean } {
+  // Match [Title] but not markdown links [text](url)
+  const referencedTitles = new Set(
+    Array.from(responseText.matchAll(/\[([^\]]+)\](?!\()/g), (m) => m[1]),
+  );
+
+  const seen = new Set<string>();
+  const sources: Citation[] = [];
+
+  function addUniqueChunk(c: (typeof chunks)[number]): void {
+    if (seen.has(c.pageSlug)) return;
+    seen.add(c.pageSlug);
+    sources.push({ title: c.pageTitle, slug: c.pageSlug, section: c.sectionHeading });
+  }
+
+  // Filter chunks to only those Claude referenced, deduplicate by slug
+  for (const c of chunks) {
+    if (referencedTitles.has(c.pageTitle)) addUniqueChunk(c);
+  }
+
+  // Record whether Claude explicitly cited sources before the fallback
+  const hadExplicitCitations = sources.length > 0;
+
+  // Fallback: if Claude didn't cite anything explicitly, show top 2 unique pages by score
+  if (sources.length === 0) {
+    for (const c of chunks) {
+      addUniqueChunk(c);
+      if (sources.length >= 2) break;
+    }
+  }
+
+  return { sources, hadExplicitCitations };
+}
+
+/**
+ * Detect option lists in Claude's response that indicate a clarification question.
+ * Returns extracted option strings, or null if the response is a normal answer.
+ *
+ * Heuristic guards to avoid false positives on instructional lists:
+ * - Response must contain a question mark or colon (clarification Qs ask something)
+ * - Response must be short (< 500 chars — clarification Qs are brief)
+ * - Must be 2-3 items (instructional lists tend to be longer)
+ * - List must be at the END of the response
+ *
+ * Supports numbered (1. 2. 3.) and unnumbered (plain lines) formats.
+ * Strips markdown formatting (bold, backticks) from option text.
+ */
+export function extractClarificationOptions(responseText: string): string[] | null {
+  // Trim trailing whitespace/newlines so the $ anchor in option-list regexes
+  // matches reliably — SSE text deltas can include trailing newlines.
+  const text = responseText.trimEnd();
+
+  // Must indicate a question. A `?` always qualifies. A `:` only qualifies when
+  // the preamble contains clarification words (to avoid false positives on
+  // instructional lists like "To enable dark mode:\n\n1. Open Settings").
+  const hasQuestion = text.includes('?');
+  const hasClarificationColon = !hasQuestion
+    && text.includes(':')
+    && /\b(which|what|clarify|interested|looking for|asking|type of|kind of)\b/i.test(text);
+  if (!hasQuestion && !hasClarificationColon) return null;
+
+  // Only short responses are likely clarification questions
+  if (text.length > 500) return null;
+
+  // Strip markdown formatting (bold, italic, backticks) from option labels
+  function cleanOption(text: string): string {
+    return text.trim().replace(/[*`]/g, '');
+  }
+
+  // Primary: numbered list (1. 2. 3.) at the end
+  const numbered = text.match(
+    /\n\n1\.\s+(.+)\n2\.\s+(.+)(?:\n3\.\s+(.+))?$/,
+  );
+  if (numbered) {
+    const options = [cleanOption(numbered[1]), cleanOption(numbered[2])];
+    if (numbered[3]) options.push(cleanOption(numbered[3]));
+    return options;
+  }
+
+  // Fallback: unnumbered list (2-3 short lines at the end, after a blank line)
+  // Each line must be short (< 80 chars) and non-empty to distinguish from paragraphs
+  const unnumbered = text.match(
+    /\n\n([^\n]{2,80})\n([^\n]{2,80})(?:\n([^\n]{2,80}))?$/,
+  );
+  if (unnumbered) {
+    // Extra guard: lines must NOT look like sentences (no periods at end)
+    const lines = [unnumbered[1], unnumbered[2], unnumbered[3]].filter(Boolean) as string[];
+    const looksLikeOptions = lines.every(l => !l.trim().endsWith('.') && l.trim().length < 80);
+    if (looksLikeOptions && lines.length >= 2) {
+      return lines.map(cleanOption);
+    }
+  }
+
+  return null;
+}
+
+export async function POST(
+  request: NextRequest,
+  context: { params: Promise<{ project: string }> },
+): Promise<Response> {
+  const startTime = Date.now();
+  const { project } = await context.params;
+  // Use first IP from x-forwarded-for (set by Vercel/Cloud Run infrastructure).
+  // Fallback to user-agent hash to avoid a shared 'unknown' bucket that would
+  // rate-limit all unidentified clients together.
+  const forwarded = request.headers.get('x-forwarded-for')?.split(',')[0]?.trim();
+  const ip = forwarded || `ua:${request.headers.get('user-agent')?.slice(0, 64) || 'none'}`;
+
+  // Rate limit via Upstash Redis (persistent across Vercel cold starts)
+  // Key is scoped per-project so each docs site has its own rate limit.
+  // If Redis is down, skip rate limiting rather than failing the request.
+  if (redis) {
+    try {
+      const key = `chat_rl:${project}:${ip}`;
+      const count = await redis.incr(key);
+      if (count === 1) await redis.expire(key, RATE_WINDOW_SECONDS);
+      if (count > RATE_LIMIT) {
+        return Response.json(
+          { error: 'Rate limit exceeded. Try again in a minute.' },
+          { status: 429 },
+        );
+      }
+    } catch {
+      // Redis unavailable — allow request through without rate limiting
+    }
+  }
+
+  let body: { message: unknown; history?: unknown[] };
+  try {
+    body = await request.json();
+  } catch {
+    return Response.json({ error: 'Invalid request body' }, { status: 400 });
+  }
+
+  const { message, history: rawHistory = [] } = body;
+
+  if (!message || typeof message !== 'string' || message.length > 2000) {
+    return Response.json({ error: 'Invalid message' }, { status: 400 });
+  }
+
+  // Sanitize history: only allow valid roles, string content, capped length
+  const history = (Array.isArray(rawHistory) ? rawHistory : [])
+    .filter((h): h is { role: 'user' | 'assistant'; content: string } => {
+      if (!h || typeof h !== 'object') return false;
+      const entry = h as Record<string, unknown>;
+      return VALID_ROLES.has(entry.role as string) && typeof entry.content === 'string';
+    })
+    .map((h) => ({ role: h.role, content: h.content.slice(0, 4000) }));
+
+  // Enrich short messages with conversation context for better vector search.
+  // When user picks a clarification option (e.g., "Post Analytics"), the message
+  // alone is too short for good retrieval. Combine with the preceding question.
+  let searchQuery = message;
+  if (message.length < 60 && history.length > 0) {
+    const prevUserMsg = [...history].reverse().find(
+      h => h.role === 'user' && h.content !== message,
+    );
+    if (prevUserMsg) {
+      searchQuery = `${prevUserMsg.content} — ${message}`;
+    }
+  }
+
+  // Query Upstash Vector for relevant chunks
+  let chunks: Awaited<ReturnType<typeof querySimilarChunks>>;
+  try {
+    chunks = await querySimilarChunks(project, searchQuery, 8);
+  } catch {
+    return Response.json(
+      { error: 'AI chat is not available for this project.' },
+      { status: 503 },
+    );
+  }
+
+  if (chunks.length === 0) {
+    return Response.json(
+      { error: 'No documentation content found for this project.' },
+      { status: 404 },
+    );
+  }
+
+  const anthropic = getAnthropicClient();
+  if (!anthropic) {
+    return Response.json(
+      { error: 'AI chat is not configured.' },
+      { status: 503 },
+    );
+  }
+
+  // Resolve project URLs — falls back to defaults if R2/config unavailable
+  const originalHost = request.headers.get('x-jamdesk-forwarded-host')
+    || request.headers.get('x-original-host') || '';
+  const baseUrl = getBaseUrl(project, originalHost);
+  let docsPath: string;
+  try {
+    docsPath = await getDocsPath(project, originalHost);
+  } catch {
+    docsPath = '';
+  }
+
+  // Build system prompt with retrieved context
+  const systemPrompt = buildSystemPrompt(project, chunks, baseUrl, docsPath);
+
+  const stream = anthropic.messages.stream({
+    model: CHAT_MODEL,
+    max_tokens: 2048,
+    temperature: 0.3,
+    system: systemPrompt,
+    messages: [
+      ...history.slice(-MAX_HISTORY),
+      { role: 'user', content: message },
+    ],
+  });
+
+  const encoder = new TextEncoder();
+  function sendEvent(data: Record<string, unknown>): Uint8Array {
+    return encoder.encode(`data: ${JSON.stringify(data)}\n\n`);
+  }
+
+  const readable = new ReadableStream({
+    async start(controller) {
+      let fullText = '';
+
+      try {
+        for await (const event of stream) {
+          if (event.type === 'content_block_delta' && event.delta.type === 'text_delta') {
+            fullText += event.delta.text;
+            controller.enqueue(sendEvent({ type: 'text', content: event.delta.text }));
+          }
+        }
+
+        // After streaming completes, get token usage
+        const finalMessage = await stream.finalMessage();
+        const inputTokens = finalMessage.usage?.input_tokens ?? 0;
+        const outputTokens = finalMessage.usage?.output_tokens ?? 0;
+
+        // Extract clarification options (if Claude asked a disambiguation question)
+        const options = extractClarificationOptions(fullText);
+        if (options) {
+          controller.enqueue(sendEvent({ type: 'clarification', options }));
+        }
+
+        // Extract [Title] references from Claude's response (skip markdown links [text](url))
+        const { sources, hadExplicitCitations } = extractCitations(fullText, chunks);
+        controller.enqueue(sendEvent({ type: 'citations', sources }));
+        controller.enqueue(sendEvent({ type: 'done' }));
+
+        // Fire-and-forget analytics — only on success (finalMessage unreliable on error)
+        trackChatAnalytics({
+          projectSlug: project,
+          query: message,
+          resultsCount: chunks.length,
+          inputTokens,
+          outputTokens,
+          model: CHAT_MODEL,
+          hadExplicitCitations,
+          hasClarification: options !== null,
+          durationMs: Date.now() - startTime,
+          userAgent: request.headers.get('user-agent') || undefined,
+        }).catch(() => {});
+      } catch {
+        controller.enqueue(sendEvent({ type: 'error', message: 'The response was interrupted. Please try again.' }));
+      }
+      controller.close();
+    },
+  });
+
+  return new Response(readable, {
+    headers: {
+      'Content-Type': 'text/event-stream',
+      'Cache-Control': 'no-cache',
+      'Connection': 'keep-alive',
+    },
+  });
+}

package/vendored/app/api/mcp/[project]/route.ts

@@ -10,9 +10,8 @@
  *   {"jsonrpc":"2.0","id":1,"method":"tools/list","params":{}}
  */
 import { NextRequest, NextResponse } from 'next/server';
-import { redis } from '@/lib/redis';
-import { isCustomDomain, parseRedisConfig } from '@/lib/domain-helpers';
 import { searchProject, getPageContent } from '@/lib/mcp-search';
+import { getDocsPath, getBaseUrl, trackServerAnalytics } from '@/lib/route-helpers';
 
 export const runtime = 'nodejs';
 export const maxDuration = 30;
@@ -58,66 +57,6 @@ globalThis.__resetMcpRateLimitForTesting = function(): void {
   lastCleanup = Date.now();
 };
 
-/**
- * Track MCP search analytics (fire-and-forget).
- */
-async function trackMcpSearch(
-  projectSlug: string,
-  query: string,
-  resultsCount: number
-): Promise<void> {
-  const trackingUrl = process.env.TRACKING_URL || 'https://us-central1-jamdesk-prod.cloudfunctions.net/trackSearchAnalytics';
-
-  try {
-    await fetch(trackingUrl, {
-      method: 'POST',
-      headers: { 'Content-Type': 'application/json' },
-      body: JSON.stringify({
-        projectSlug,
-        type: 'search_query',
-        query,
-        resultsCount,
-        sessionId: `mcp-${Date.now()}`,
-        source: 'mcp',
-      }),
-    });
-  } catch {
-    // Silent failure - don't break search if analytics fails
-  }
-}
-
-/**
- * Get docsPath for a project based on hostAtDocs config.
- * Handles both subdomains (projectCfg) and custom domains (domainCfg).
- * Defaults to '/docs' (hostAtDocs=true) for safety - most Jamdesk sites use this.
- */
-async function getDocsPath(project: string, originalHost: string): Promise<string> {
-  if (!redis) return '/docs';
-
-  try {
-    const key = isCustomDomain(originalHost) ? `domainCfg:${originalHost}` : `projectCfg:${project}`;
-    const cfg = parseRedisConfig(await redis.get(key));
-    if (cfg) {
-      return cfg.hostAtDocs !== false ? '/docs' : '';
-    }
-  } catch {
-    // Fall through to default
-  }
-
-  return '/docs';
-}
-
-/**
- * Get the base URL for a project.
- * Uses the resolved host for custom/forwarded domains, falls back to project.jamdesk.app.
- */
-function getBaseUrl(project: string, resolvedHost: string): string {
-  const hostname = resolvedHost.split(':')[0];
-  return isCustomDomain(hostname)
-    ? `https://${hostname}`
-    : `https://${project}.jamdesk.app`;
-}
-
 // CORS headers for cross-origin MCP clients
 const CORS_HEADERS: HeadersInit = {
   'Access-Control-Allow-Origin': '*',
@@ -324,7 +263,7 @@ export async function POST(
           const results = await searchProject(project, query, limit, type, docsPath);
 
           // Track analytics (fire-and-forget, don't await)
-          trackMcpSearch(project, query, results.length).catch(() => {});
+          trackServerAnalytics({ projectSlug: project, type: 'search_query', query, resultsCount: results.length, source: 'mcp' }).catch(() => {});
 
           return jsonResponse({
             jsonrpc: '2.0',

package/vendored/components/chat/ChatCodeBlock.tsx

@@ -0,0 +1,63 @@
+'use client';
+
+import { memo, useState } from 'react';
+import { useShikiHighlight } from '@/hooks/useShikiHighlight';
+
+interface ChatCodeBlockProps {
+  className?: string;
+  children: string;
+}
+
+/**
+ * Syntax-highlighted code block for chat messages with a copy button.
+ * Uses the existing Shiki highlighter with a plain code fallback while loading.
+ *
+ * Security note: dangerouslySetInnerHTML is safe here because the HTML comes from
+ * Shiki's highlightCode(), which generates markup from source code tokens — not from
+ * user-supplied HTML. This is the same trusted pattern used throughout the codebase
+ * (see CodePanel, OpenApiEndpoint, etc.).
+ *
+ * Memoized so Shiki doesn't re-highlight unchanged code blocks during streaming.
+ * When the assistant streams text after a code block, ChatMessage re-renders but
+ * the code block's children are the same — memo prevents a redundant Shiki call.
+ */
+export const ChatCodeBlock = memo(function ChatCodeBlock({ className, children }: ChatCodeBlockProps) {
+  // Extract language from className (e.g., "language-javascript" -> "javascript")
+  const language = className?.replace('language-', '') || 'text';
+  const code = children.replace(/\n$/, '');
+
+  const { html, isLoading } = useShikiHighlight(code, language);
+  const [copied, setCopied] = useState(false);
+
+  function handleCopy(): void {
+    navigator.clipboard.writeText(code).then(() => {
+      setCopied(true);
+      setTimeout(() => setCopied(false), 2000);
+    }).catch(() => {
+      // clipboard API unavailable (non-HTTPS context)
+    });
+  }
+
+  return (
+    <div className="relative group my-2 border border-[var(--color-border)]/60 rounded-lg">
+      <button
+        onClick={handleCopy}
+        className="absolute top-2 right-2 p-1.5 rounded-md opacity-100 sm:opacity-0 sm:group-hover:opacity-100 transition-opacity bg-white/10 text-[var(--color-text-muted)] hover:text-[var(--color-text-primary)] text-xs z-10 cursor-pointer"
+        aria-label="Copy code"
+        title={copied ? 'Copied!' : 'Copy code'}
+      >
+        <i className={`fa-solid ${copied ? 'fa-check text-green-400' : 'fa-copy'}`} aria-hidden="true" />
+      </button>
+      {isLoading ? (
+        <pre className="rounded-lg bg-[var(--code-panel-bg,#0d1117)] p-3 overflow-x-auto text-sm">
+          <code>{code}</code>
+        </pre>
+      ) : (
+        <div
+          className="rounded-lg overflow-hidden text-sm [&_pre]:!m-0 [&_pre]:!p-3 [&_pre]:!rounded-lg [&_.shiki]:!rounded-lg"
+          dangerouslySetInnerHTML={{ __html: html }}
+        />
+      )}
+    </div>
+  );
+});