latticesql 4.2.2 → 4.2.4

package/README.md

@@ -138,6 +138,8 @@ npm install latticesql
 
 Requires **Node.js 18+**. The default backend is SQLite (`better-sqlite3`) — no external database process needed.
 
+> **Prefer a desktop app?** Download a native, double-click build of the GUI (no terminal) for macOS or Windows from [latticesql.com/install](https://latticesql.com/install) — it runs the same GUI server. See [docs/desktop.md](docs/desktop.md).
+
 To use the Postgres backend (for Supabase, Neon, RDS, or any other Postgres-compatible database), install the optional dependency:
 
 ```bash

package/dist/cli.js

@@ -1015,7 +1015,7 @@ var init_manifest = __esm({
   "src/lifecycle/manifest.ts"() {
     "use strict";
     init_writer();
-    TEMPLATE_VERSION = 2;
+    TEMPLATE_VERSION = 3;
   }
 });
 
@@ -1494,17 +1494,179 @@ var init_sqlite = __esm({
   }
 });
 
+// src/db/sqlite-deno.ts
+import { createRequire as createRequire2 } from "module";
+function runtimeRequire2() {
+  const importMetaUrl = import.meta.url;
+  return importMetaUrl ? createRequire2(importMetaUrl) : __require;
+}
+function loadNodeSqlite() {
+  if (_ctor2) return _ctor2;
+  const mod = runtimeRequire2()("node:sqlite");
+  if (!mod.DatabaseSync) {
+    throw new Error(
+      "node:sqlite is unavailable in this runtime \u2014 cannot open the Deno SQLite adapter"
+    );
+  }
+  _ctor2 = mod.DatabaseSync;
+  return _ctor2;
+}
+var _ctor2, DenoSqliteAdapter;
+var init_sqlite_deno = __esm({
+  "src/db/sqlite-deno.ts"() {
+    "use strict";
+    _ctor2 = null;
+    DenoSqliteAdapter = class {
+      dialect = "sqlite";
+      _db = null;
+      _path;
+      _wal;
+      _busyTimeout;
+      constructor(path3, options) {
+        this._path = path3;
+        this._wal = options?.wal ?? true;
+        this._busyTimeout = options?.busyTimeout ?? 5e3;
+      }
+      get db() {
+        if (!this._db) throw new Error("DenoSqliteAdapter: not open \u2014 call open() first");
+        return this._db;
+      }
+      open() {
+        const Ctor = loadNodeSqlite();
+        this._db = new Ctor(this._path);
+        this._db.exec(`PRAGMA busy_timeout = ${this._busyTimeout.toString()}`);
+        if (this._wal) {
+          this._db.exec("PRAGMA journal_mode = WAL");
+        }
+      }
+      close() {
+        this._db?.close();
+        this._db = null;
+      }
+      run(sql, params = []) {
+        this.db.prepare(sql).run(...params);
+      }
+      get(sql, params = []) {
+        return this.db.prepare(sql).get(...params);
+      }
+      all(sql, params = []) {
+        return this.db.prepare(sql).all(...params);
+      }
+      prepare(sql) {
+        const stmt = this.db.prepare(sql);
+        return {
+          run: (...params) => {
+            const info = stmt.run(...params);
+            return {
+              changes: Number(info.changes),
+              lastInsertRowid: info.lastInsertRowid
+            };
+          },
+          get: (...params) => stmt.get(...params),
+          all: (...params) => stmt.all(...params)
+        };
+      }
+      introspectColumns(table) {
+        const rows = this.all(`PRAGMA table_info("${table}")`);
+        return rows.map((r6) => r6.name);
+      }
+      /** Mirror of SQLiteAdapter.addColumn — SQLite ALTER quirks are binding-agnostic. */
+      addColumn(table, column, typeSpec) {
+        const upperType = typeSpec.toUpperCase();
+        if (upperType.includes("PRIMARY KEY")) return;
+        const hasNonConstantDefault = upperType.includes("CURRENT_TIMESTAMP") || /DATETIME\s*\(\s*'NOW'\s*\)/i.test(typeSpec) || upperType.includes("RANDOM()");
+        if (hasNonConstantDefault) {
+          const safeType = typeSpec.replace(/\bNOT\s+NULL\b/gi, "").replace(/\bDEFAULT\s+\(?\s*CURRENT_TIMESTAMP\s*\)?/gi, "").replace(/\bDEFAULT\s+\(?\s*datetime\([^)]*\)\s*\)?/gi, "").replace(/\bDEFAULT\s+\(?\s*RANDOM\(\)\s*\)?/gi, "").replace(/\s+/g, " ").trim();
+          this.run(`ALTER TABLE "${table}" ADD COLUMN "${column}" ${safeType || "TEXT"}`);
+          this.run(`UPDATE "${table}" SET "${column}" = CURRENT_TIMESTAMP WHERE "${column}" IS NULL`);
+        } else {
+          this.run(`ALTER TABLE "${table}" ADD COLUMN "${column}" ${typeSpec}`);
+        }
+      }
+      /**
+       * O(1) watch-loop change-probe — same composition as SQLiteAdapter, but
+       * `data_version` is read with a plain prepared statement because node:sqlite
+       * has no `.pragma(name, { simple: true })` scalar helper.
+       */
+      changeProbe() {
+        const dataVersion = this.db.prepare("PRAGMA data_version").get().data_version;
+        const totalChanges = this.db.prepare("SELECT total_changes() AS n").get().n;
+        return `${String(dataVersion)}:${String(totalChanges)}`;
+      }
+      // ── Async surface (sync under the hood; mirrors SQLiteAdapter) ──────────
+      // eslint-disable-next-line @typescript-eslint/require-await
+      async runAsync(sql, params) {
+        this.run(sql, params);
+      }
+      // eslint-disable-next-line @typescript-eslint/require-await
+      async getAsync(sql, params) {
+        return this.get(sql, params);
+      }
+      // eslint-disable-next-line @typescript-eslint/require-await
+      async allAsync(sql, params) {
+        return this.all(sql, params);
+      }
+      // eslint-disable-next-line @typescript-eslint/require-await
+      async introspectColumnsAsync(table) {
+        return this.introspectColumns(table);
+      }
+      // eslint-disable-next-line @typescript-eslint/require-await
+      async introspectAllColumns(tables) {
+        const map = /* @__PURE__ */ new Map();
+        for (const t8 of tables) {
+          try {
+            const cols = this.introspectColumns(t8);
+            if (cols.length > 0) map.set(t8, new Set(cols));
+          } catch {
+          }
+        }
+        return map;
+      }
+      // eslint-disable-next-line @typescript-eslint/require-await
+      async addColumnAsync(table, column, typeSpec) {
+        this.addColumn(table, column, typeSpec);
+      }
+      /** BEGIN/COMMIT around an awaited fn; ROLLBACK on throw. Mirror of SQLiteAdapter. */
+      async withClient(fn) {
+        const dbRef = this.db;
+        const getSync = this.get.bind(this);
+        const allSync = this.all.bind(this);
+        const tx = {
+          run: (sql, params) => {
+            const info = dbRef.prepare(sql).run(...params ?? []);
+            return Promise.resolve({ changes: Number(info.changes) });
+          },
+          get: (sql, params) => Promise.resolve(getSync(sql, params ?? [])),
+          all: (sql, params) => Promise.resolve(allSync(sql, params ?? []))
+        };
+        this.run("BEGIN");
+        try {
+          const result = await fn(tx);
+          this.run("COMMIT");
+          return result;
+        } catch (err) {
+          try {
+            this.run("ROLLBACK");
+          } catch {
+          }
+          throw err;
+        }
+      }
+    };
+  }
+});
+
 // src/db/postgres.ts
 import path2 from "path";
 import { fileURLToPath } from "url";
-import { createRequire as createRequire2 } from "module";
+import { createRequire as createRequire3 } from "module";
 function moduleContext() {
   if (_moduleContext) return _moduleContext;
   const importMetaUrl = import.meta.url;
   if (importMetaUrl) {
     _moduleContext = {
       dir: path2.dirname(fileURLToPath(importMetaUrl)),
-      require: createRequire2(importMetaUrl)
+      require: createRequire3(importMetaUrl)
     };
   } else {
     _moduleContext = { dir: __dirname, require: __require };
@@ -4208,6 +4370,64 @@ function cleanupEntityContexts(outputDir, entityContexts, currentSlugsByTable, m
     warnings: []
   };
   if (manifest === null) return result;
+  if (options.removeOrphanedDirectories !== false) {
+    for (const [table, entry] of Object.entries(manifest.entityContexts)) {
+      if (entityContexts.has(table)) continue;
+      const directoryRoot = entry.directoryRoot;
+      const rootPath = join6(outputDir, directoryRoot);
+      if (!existsSync6(rootPath)) continue;
+      const globalProtected = new Set(options.protectedFiles ?? []);
+      for (const [slug, files] of Object.entries(entry.entities)) {
+        const entityDir = join6(rootPath, slug);
+        if (!existsSync6(entityDir)) continue;
+        for (const filename of entityFileNames(files)) {
+          if (globalProtected.has(filename)) continue;
+          const filePath = join6(entityDir, filename);
+          if (!existsSync6(filePath)) continue;
+          if (!options.dryRun) unlinkSync3(filePath);
+          options.onOrphan?.(filePath, "file");
+          result.filesRemoved.push(filePath);
+        }
+        let remaining;
+        try {
+          remaining = existsSync6(entityDir) ? readdirSync2(entityDir) : [];
+        } catch {
+          remaining = [];
+        }
+        if (remaining.length === 0) {
+          if (!options.dryRun) {
+            try {
+              rmdirSync(entityDir);
+            } catch {
+            }
+          }
+          options.onOrphan?.(entityDir, "directory");
+          result.directoriesRemoved.push(entityDir);
+        } else {
+          result.directoriesSkipped.push(entityDir);
+          result.warnings.push(
+            `${entityDir}: left in place (contains user files: ${remaining.join(", ")})`
+          );
+        }
+      }
+      let rootRemaining;
+      try {
+        rootRemaining = existsSync6(rootPath) ? readdirSync2(rootPath) : [];
+      } catch {
+        rootRemaining = [];
+      }
+      if (rootRemaining.length === 0) {
+        if (!options.dryRun) {
+          try {
+            rmdirSync(rootPath);
+          } catch {
+          }
+        }
+        options.onOrphan?.(rootPath, "directory");
+        result.directoriesRemoved.push(rootPath);
+      }
+    }
+  }
   for (const [table, def] of entityContexts) {
     const entry = manifest.entityContexts[table];
     if (!entry) continue;
@@ -4704,7 +4924,8 @@ var init_engine = __esm({
         const currentSlugsByTable = /* @__PURE__ */ new Map();
         for (const [table, def] of entityContexts) {
           const rows = await this._schema.queryTable(this._adapter, table, this._schema.readRel);
-          const slugs = new Set(rows.map((row) => def.slug(row)));
+          const entityPk = this._schema.getPrimaryKey(table)[0] ?? "id";
+          const slugs = new Set(_RenderEngine._disambiguateSlugs(rows, def.slug, entityPk));
           currentSlugsByTable.set(table, slugs);
         }
         return cleanupEntityContexts(
@@ -4753,6 +4974,71 @@ var init_engine = __esm({
       static _normKey(v2) {
         return String(v2);
       }
+      /**
+       * Sanitize and validate ONE base slug.
+       *
+       * Replaces non-ASCII whitespace (e.g. the macOS narrow no-break space U+202F
+       * that shows up in screenshot filenames) with a regular space, strips control
+       * characters, then rejects any slug that still contains a character outside the
+       * allowed set (the path-traversal guard). Throws on an invalid slug — never
+       * silently rewrites it.
+       */
+      static _sanitizeSlug(rawSlug) {
+        const slug = rawSlug.replace(/[\u00A0\u2000-\u200B\u202F\u205F\u3000]/g, " ").replace(/[\u0000-\u001F\u007F]/g, "");
+        if (/[^a-zA-Z0-9.\-_ @(),#&'+:;!~[\]]/.test(slug)) {
+          throw new Error(`Invalid slug "${slug}": contains characters outside the allowed set`);
+        }
+        return slug;
+      }
+      /**
+       * Disambiguate per-row slugs so two rows that produce the SAME base slug do not
+       * write to (and clobber) the same directory.
+       *
+       * Returns one final slug per row, in the SAME order as `rows`. A base slug used
+       * by exactly one row is returned unchanged (no churn for the common case). When
+       * a base slug is shared by >1 row, EVERY colliding row gets a short, stable
+       * suffix derived from its primary key (`<base>-<pk8>`), so the result is
+       * order-independent: the same row gets the same slug on every render regardless
+       * of row order. The suffix lengthens only if two rows' 8-char PK prefixes still
+       * collide (e.g. shared prefix), guaranteeing uniqueness without changing the
+       * common-case output. Slugs are sanitized + path-traversal-validated via
+       * {@link _sanitizeSlug}; `def.slug` itself is never modified.
+       */
+      static _disambiguateSlugs(rows, slugFn, pkCol) {
+        const baseSlugs = rows.map((row) => _RenderEngine._sanitizeSlug(slugFn(row)));
+        const byBase = /* @__PURE__ */ new Map();
+        for (let i6 = 0; i6 < baseSlugs.length; i6++) {
+          const base = baseSlugs[i6];
+          const bucket = byBase.get(base);
+          if (bucket) bucket.push(i6);
+          else byBase.set(base, [i6]);
+        }
+        const final = baseSlugs.map(() => "");
+        const pkOf = (i6) => {
+          const v2 = rows[i6]?.[pkCol];
+          let s2;
+          if (v2 == null) s2 = "";
+          else if (typeof v2 === "object") s2 = JSON.stringify(v2);
+          else s2 = String(v2);
+          return _RenderEngine._sanitizeSlug(s2).replace(/[ /\\]/g, "");
+        };
+        for (const [base, indices] of byBase) {
+          if (indices.length === 1) {
+            final[indices[0]] = base;
+            continue;
+          }
+          const pks = indices.map(pkOf);
+          const maxLen = Math.max(...pks.map((p3) => p3.length), 1);
+          let len = 8;
+          while (len < maxLen && new Set(pks.map((p3) => p3.slice(0, len))).size !== pks.length) {
+            len += 4;
+          }
+          for (let k6 = 0; k6 < indices.length; k6++) {
+            final[indices[k6]] = `${base}-${pks[k6].slice(0, len)}`;
+          }
+        }
+        return final;
+      }
       /**
        * Prefetch the batchable belongsTo sources for one entity-context table.
        * For each (target+filters+softDelete) group, issue exactly ONE
@@ -4833,6 +5119,7 @@ var init_engine = __esm({
             const baseRows = await this._schema.queryTable(this._adapter, table, this._schema.readRel);
             const allRows = this._foldRows ? await this._foldRows(table, baseRows) : baseRows;
             const directoryRoot = def.directoryRoot ?? table;
+            const finalSlugs = _RenderEngine._disambiguateSlugs(allRows, def.slug, entityPk);
             const belongsToBatches = await this._prefetchBelongsToBatches(
               def,
               allRows,
@@ -4874,11 +5161,7 @@ var init_engine = __esm({
               if (i6 > 0 && i6 % YIELD_EVERY_ENTITIES === 0) {
                 await new Promise((r6) => setImmediate(r6));
               }
-              const rawSlug = def.slug(entityRow);
-              const slug = rawSlug.replace(/[\u00A0\u2000-\u200B\u202F\u205F\u3000]/g, " ").replace(/[\u0000-\u001F\u007F]/g, "");
-              if (/[^a-zA-Z0-9.\-_ @(),#&'+:;!~[\]]/.test(slug)) {
-                throw new Error(`Invalid slug "${slug}": contains characters outside the allowed set`);
-              }
+              const slug = finalSlugs[i6];
               const entityDir = def.directory ? join7(outputDir, def.directory(entityRow)) : join7(outputDir, directoryRoot, slug);
               const resolvedDir = resolve3(entityDir);
               const resolvedBase = resolve3(outputDir);
@@ -9572,6 +9855,9 @@ function buildAdapter(dbPath, options) {
   const adapterOpts = {};
   if (options.wal !== void 0) adapterOpts.wal = options.wal;
   if (options.busyTimeout !== void 0) adapterOpts.busyTimeout = options.busyTimeout;
+  if (typeof globalThis.Deno !== "undefined") {
+    return new DenoSqliteAdapter(sqlitePath, adapterOpts);
+  }
   return new SQLiteAdapter(sqlitePath, adapterOpts);
 }
 function _resolveTemplateName(render) {
@@ -9591,6 +9877,7 @@ var init_lattice = __esm({
     init_render_cursor();
     init_adapter();
     init_sqlite();
+    init_sqlite_deno();
     init_postgres();
     init_pk();
     init_manager();
@@ -13763,9 +14050,6 @@ async function resolveClaudeAuth(db) {
   const apiKey = await resolveAnthropicKey(db);
   return apiKey ? { apiKey } : null;
 }
-async function hasClaudeAuth(db) {
-  return Boolean(await readMachineCredential(db, CLAUDE_OAUTH_KIND)) || await hasCredential(db, "anthropic", "ANTHROPIC_API_KEY");
-}
 async function claudeAuthKind(db) {
   if (await readMachineCredential(db, CLAUDE_OAUTH_KIND)) return "oauth";
   if (await hasCredential(db, "anthropic", "ANTHROPIC_API_KEY")) return "key";
@@ -13793,7 +14077,6 @@ async function dispatchAssistantRoute(req, res, ctx) {
       hasAnthropicKey,
       hasOpenaiKey,
       hasElevenlabsKey,
-      hasClaudeAuth: await hasClaudeAuth(db),
       claudeAuthKind: await claudeAuthKind(db),
       hasVoiceKey: voice !== null,
       sttProvider: voice?.provider ?? null,
@@ -13921,13 +14204,17 @@ async function dispatchAssistantRoute(req, res, ctx) {
     const verifier = generatePkceVerifier();
     const state2 = generateState();
     const cookieOpts = "HttpOnly; Path=/; Max-Age=600; SameSite=Lax";
-    res.writeHead(302, {
-      Location: buildAuthorizeUrl(cfg, state2, pkceChallengeFor(verifier)),
-      "Set-Cookie": [
-        `lat_oauth_verifier=${verifier}; ${cookieOpts}`,
-        `lat_oauth_state=${state2}; ${cookieOpts}`
-      ]
-    });
+    const setCookie = [
+      `lat_oauth_verifier=${verifier}; ${cookieOpts}`,
+      `lat_oauth_state=${state2}; ${cookieOpts}`
+    ];
+    const authorizeUrl = buildAuthorizeUrl(cfg, state2, pkceChallengeFor(verifier));
+    if ((req.headers.accept ?? "").includes("application/json")) {
+      res.writeHead(200, { "Content-Type": "application/json", "Set-Cookie": setCookie });
+      res.end(JSON.stringify({ authorizeUrl }));
+      return true;
+    }
+    res.writeHead(302, { Location: authorizeUrl, "Set-Cookie": setCookie });
     res.end();
     return true;
   }
@@ -15994,7 +16281,7 @@ var init_extract = __esm({
 });
 
 // src/ai/llm-client.ts
-import { createRequire as createRequire4 } from "module";
+import { createRequire as createRequire5 } from "module";
 var DEFAULT_MODEL;
 var init_llm_client = __esm({
   "src/ai/llm-client.ts"() {
@@ -16548,7 +16835,7 @@ var init_url_safety = __esm({
 import { JSDOM } from "jsdom";
 import { Readability } from "@mozilla/readability";
 import { basename as basename5 } from "path";
-import { createRequire as createRequire5 } from "module";
+import { createRequire as createRequire6 } from "module";
 async function crawlUrl(rawUrl, opts = {}) {
   const u2 = await assertSafeUrl(rawUrl, opts.allowPrivate ?? false);
   const fetchImpl = opts.fetcher ?? fetch;
@@ -16795,7 +17082,7 @@ async function renderViaPlaywright(url, timeoutMs, warnIfMissing = false) {
   let chromium;
   try {
     const importMetaUrl = import.meta.url;
-    const req = importMetaUrl ? createRequire5(importMetaUrl) : __require;
+    const req = importMetaUrl ? createRequire6(importMetaUrl) : __require;
     const pw = req("playwright");
     chromium = pw.chromium;
   } catch {
@@ -17726,7 +18013,7 @@ var init_tools = __esm({
 });
 
 // src/gui/ai/chat.ts
-import { createRequire as createRequire6 } from "module";
+import { createRequire as createRequire7 } from "module";
 function capToolResult(s2) {
   if (s2.length <= MAX_TOOL_RESULT_CHARS) return s2;
   if (s2.length > MAX_TOOL_RESULT_SKIP)
@@ -17959,7 +18246,7 @@ async function* runChat(opts) {
 function loadSdk() {
   if (!_sdk) {
     const importMetaUrl = import.meta.url;
-    const req = importMetaUrl ? createRequire6(importMetaUrl) : __require;
+    const req = importMetaUrl ? createRequire7(importMetaUrl) : __require;
     try {
       _sdk = req("@anthropic-ai/sdk");
     } catch (err) {
@@ -58314,12 +58601,12 @@ init_postgres();
 
 // src/gui/realtime.ts
 import { EventEmitter } from "events";
-import { createRequire as createRequire3 } from "module";
+import { createRequire as createRequire4 } from "module";
 var _pgModule = null;
 function loadPg() {
   if (_pgModule) return _pgModule;
   const importMetaUrl = import.meta.url;
-  const requireFromHere = importMetaUrl ? createRequire3(importMetaUrl) : (
+  const requireFromHere = importMetaUrl ? createRequire4(importMetaUrl) : (
     // CJS fallback — Node provides `require` on every CJS module scope.
     __require
   );
@@ -61678,6 +61965,20 @@ var displayConfigJs = `
       });
     }
 
+    // SINGLE SOURCE OF TRUTH for the assistant's Claude connection state, derived
+    // from /api/assistant/config's claudeAuthKind (oauth | key | null). EVERY
+    // place that shows "Connected with Claude" / opens the API-key panel / gates
+    // on "the assistant has auth" MUST go through this \u2014 never re-derive from raw
+    // fields, or the signals disagree (a stray "or hasAnthropicKey" once made
+    // onboarding show "Connected with Claude" for an API-key-only setup while the
+    // settings panel showed not-connected).
+    //   .oauth -> a Claude SUBSCRIPTION is connected ("Connected with Claude")
+    //   .any   -> some working auth exists (subscription OR API key)
+    function claudeAuth(cfg) {
+      var kind = (cfg && cfg.claudeAuthKind) || null; // 'oauth' | 'key' | null
+      return { kind: kind, oauth: kind === 'oauth', any: kind != null };
+    }
+
     // Disable a button + show an inline spinner for the duration of an
     // async action so a slow server round-trip can't be double-clicked.
     // The fn arg should return a Promise; the button is restored on settle.
@@ -62468,7 +62769,12 @@ var offlineEditQueueJs = `    // \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u250
         if (eventStreamClosed) return;
         // Unexpected drop: show the disconnect on the pill and auto-reconnect with
         // backoff (the server replays state + render snapshot on reconnect).
-        setStatusPill('cloud', 'disconnected');
+        // Preserve the KNOWN mode (cloudMode is the single source of truth, set
+        // from the server's realtime-state message) \u2014 never hardcode 'cloud',
+        // which on a LOCAL (SQLite) workspace would flip cloudMode=true and divert
+        // writes into the offline queue with a bogus "will sync when cloud
+        // reconnects" toast against a workspace that has no cloud.
+        setStatusPill(cloudMode ? 'cloud' : 'local', 'disconnected');
         scheduleEventStreamReconnect();
       };
     }
@@ -66376,7 +66682,7 @@ var rowContextJs = `    // \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u250
         var cfg = res[1];
         st.name = (id && id.display_name) || '';
         st.email = (id && id.email) || '';
-        st.connected = !!(cfg && (cfg.claudeAuthKind === 'oauth' || cfg.hasAnthropicKey));
+        st.connected = claudeAuth(cfg).oauth;
         if (!st.wsName && st.name) st.wsName = st.name + "'s Workspace";
         render();
       });
@@ -67037,7 +67343,7 @@ var dataModelJs = `    // \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500
             '</p>' +
             // Connect-with-Claude is the primary path (use your subscription, no
             // API key). A pasted API key is demoted to an "Advanced" disclosure.
-            (cfg.claudeAuthKind === 'oauth'
+            (claudeAuth(cfg).oauth
               ? '<div style="display:flex;align-items:center;gap:10px;margin-bottom:10px">' +
                   '<span class="feed-source" style="background:var(--accent-soft);color:var(--accent)">Connected with Claude</span>' +
                   '<button id="asst-oauth-disconnect" class="btn">Disconnect</button>' +
@@ -67059,7 +67365,7 @@ var dataModelJs = `    // \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500
                   '</div>' +
                   '<div id="connect-claude-msg" style="margin-top:6px;font-size:12px;color:var(--text-muted)"></div>' +
                 '</div>') +
-            '<details style="margin-bottom:12px"' + (cfg.claudeAuthKind === 'key' ? ' open' : '') + '>' +
+            '<details style="margin-bottom:12px"' + (claudeAuth(cfg).kind === 'key' ? ' open' : '') + '>' +
               '<summary style="cursor:pointer;font-size:12px;color:var(--text-muted)">Advanced \u2014 use an API key instead</summary>' +
               '<div style="margin-top:8px">' +
                 rowHtml('asst-anthropic', 'Claude API token (chat)', !!cfg.hasAnthropicKey, 'sk-ant-\u2026') +
@@ -69051,7 +69357,7 @@ var createDatabaseWizardJs = `    // \u2500\u2500\u2500\u2500\u2500\u2500\u2500\
     function renderComposer() {
       var host = document.getElementById('rail-composer'); if (!host) return;
       fetchJson('/api/assistant/config').then(function (cfg) {
-        if (cfg && cfg.hasClaudeAuth) {
+        if (claudeAuth(cfg).any) {
           var micHtml = cfg.hasVoiceKey
             ? '<button class="composer-mic" id="chat-mic" title="Record voice">\u{1F399}</button>'
             : '';
@@ -71976,7 +72282,7 @@ import { basename as basename11, extname as extname2, resolve as resolve11, join
 
 // src/ai/vision.ts
 init_llm_client();
-import { createRequire as createRequire7 } from "module";
+import { createRequire as createRequire8 } from "module";
 import { readFile as readFile8 } from "fs/promises";
 var DEFAULT_PROMPT = "Describe this image for a knowledge base in 2-4 factual sentences: what it shows, any visible text, and notable details. No preamble.";
 var MAX_DIM = 1568;
@@ -72038,7 +72344,7 @@ function buildVisionAnthropicConfig(auth) {
 function defaultSender(auth) {
   return async (input) => {
     const importMetaUrl = import.meta.url;
-    const req = importMetaUrl ? createRequire7(importMetaUrl) : __require;
+    const req = importMetaUrl ? createRequire8(importMetaUrl) : __require;
     const sdk = req("@anthropic-ai/sdk");
     const Anthropic = sdk.Anthropic ?? sdk.default;
     if (!Anthropic) throw new Error("Could not resolve Anthropic from '@anthropic-ai/sdk'");
@@ -72065,7 +72371,7 @@ function defaultSender(auth) {
 function defaultPdfSender(auth) {
   return async (input) => {
     const importMetaUrl = import.meta.url;
-    const req = importMetaUrl ? createRequire7(importMetaUrl) : __require;
+    const req = importMetaUrl ? createRequire8(importMetaUrl) : __require;
     const sdk = req("@anthropic-ai/sdk");
     const Anthropic = sdk.Anthropic ?? sdk.default;
     if (!Anthropic) throw new Error("Could not resolve Anthropic from '@anthropic-ai/sdk'");
@@ -75750,6 +76056,7 @@ async function startGuiServer(options) {
   }
   const autoRender = options.autoRender ?? false;
   const guiVersion = options.version ?? "";
+  const desktopOpenExternal = options.desktopOpenExternal;
   const sessionId = crypto.randomUUID();
   let updateService = null;
   let activeRef = bootConfigPath && bootOutputDir ? await openConfig(bootConfigPath, bootOutputDir, autoRender, options.realtimeWatchdogMs) : null;
@@ -75932,6 +76239,20 @@ async function startGuiServer(options) {
           sendJson(res, { version: guiVersion });
           return;
         }
+        if (method === "GET" && pathname === "/api/desktop/open") {
+          if (!desktopOpenExternal) {
+            sendJson(res, { error: "not found" }, 404);
+            return;
+          }
+          const target = new URL(req.url ?? "", "http://localhost").searchParams.get("url");
+          if (!target || !/^https?:\/\//i.test(target)) {
+            sendJson(res, { error: "url must be http(s)" }, 400);
+            return;
+          }
+          desktopOpenExternal(target);
+          sendJson(res, { ok: true });
+          return;
+        }
         if (method === "GET" && pathname === "/api/update/status") {
           sendJson(
             res,
@@ -76617,7 +76938,7 @@ function printHelp() {
   );
 }
 function getVersion() {
-  if (true) return "4.2.2";
+  if (true) return "4.2.4";
   try {
     const pkgPath = new URL("../package.json", import.meta.url).pathname;
     const pkg = JSON.parse(readFileSync25(pkgPath, "utf-8"));