nodebb-plugin-pdf-secure2 1.4.3 → 1.4.4

package/.claude/settings.local.json

@@ -5,7 +5,17 @@
       "WebFetch(domain:github.com)",
       "Bash(dir:*)",
       "Bash(npm pack:*)",
-      "Bash(tar:*)"
+      "Bash(tar:*)",
+      "Bash(grep:*)",
+      "Bash(find /c/Users/kadir/OneDrive/Masaüstü/Projeler/nodebb-plugin-pdf-secure/nodebb-plugin-pdf-secure -type f \\\\\\(-name *.conf -o -name *.config -o -name *nginx* -o -name *apache* \\\\\\))",
+      "Bash(xargs ls:*)",
+      "WebSearch",
+      "WebFetch(domain:community.nodebb.org)",
+      "Bash(cp /tmp/pdf-secure-143/package/package.json ./package.json)",
+      "Bash(cp /tmp/pdf-secure-143/package/library.js ./library.js)",
+      "Bash(cp /tmp/pdf-secure-143/package/lib/controllers.js ./lib/controllers.js)",
+      "Bash(cp /tmp/pdf-secure-143/package/lib/gemini-chat.js ./lib/gemini-chat.js)",
+      "Bash(cp /tmp/pdf-secure-143/package/static/lib/admin.js ./static/lib/admin.js)"
     ]
   }
 }

package/lib/controllers.js

@@ -265,7 +265,8 @@ Controllers.handleChat = async function (req, res) {
 	}
 
 	// Body validation
-	const { filename, question, history } = req.body;
+	const { filename, question, history, detailMode } = req.body;
+	const useDetailMode = tier === 'vip' && detailMode === true;
 
 	if (!filename || typeof filename !== 'string') {
 		return res.status(400).json({ error: 'Missing or invalid filename' });
@@ -312,7 +313,7 @@ Controllers.handleChat = async function (req, res) {
 	}
 
 	try {
-		const result = await geminiChat.chat(safeName, trimmedQuestion, history || [], tier);
+		const result = await geminiChat.chat(safeName, trimmedQuestion, history || [], tier, useDetailMode);
 		// Record actual token usage after successful AI response
 		// Sanitize: clamp to [0, 1000000] to prevent NaN/negative/absurd values
 		const tokensUsed = Math.max(0, Math.min(parseInt(result.tokensUsed, 10) || 0, 1000000));
@@ -395,7 +396,7 @@ Controllers.getSuggestions = async function (req, res) {
 	}
 
 	try {
-		const suggestions = await geminiChat.generateSuggestions(safeName);
+		const suggestions = await geminiChat.generateSuggestions(safeName, tier);
 		const quotaUsage = await getQuotaUsage(req.uid, tier);
 		return res.json({ suggestions, quota: quotaUsage });
 	} catch (err) {

package/lib/gemini-chat.js

@@ -38,13 +38,24 @@ ${SECURITY_RULES}`;
 
 const SYSTEM_INSTRUCTION_VIP = `Sen bir PDF döküman asistanı ve ders öğretmenisin. Bu döküman bir üniversite ders materyalidir. Kurallar:
 - Kullanıcının yazdığı dilde cevap ver
-- Soruya göre yanıt uzunluğunu ayarla: basit sorulara kısa (2-3 cümle), karmaşık sorulara daha detaylı (1-2 paragraf) cevap ver. Asla gereksiz uzatma
-- Sadece cevabı değil, "neden böyle?" sorusunu da cevapla — kavramı bağlamına oturtur şekilde öğretici yaklaş
-- Açıklamalarını örneklerle ve analojilerle zenginleştir ama kısa tut
+- VARSAYILAN: Kısa, net, yüksek sinyalli cevap ver. Basit soru → 1-3 cümle. Orta zorluk → 1 kısa paragraf. Karmaşık → yapılandırılmış ama gereksiz detaysız
+- Sadece cevabı değil "neden böyle?" sorusunu da kısa cevapla
+- Madde ve başlık formatını kullan, gereksiz giriş cümleleri yazma
+- Kullanıcı açıkça "detaylı", "daha fazla", "örnek ver" demezse derinleşme
+- Matematiksel işlemlerde sadece kritik adımları göster
+- Bilgiyi doğrudan PDF'ten al, sayfa/bölüm numarası belirt
+- Dokümandaki konularla ilgili sorularda genel bilginle de destekle, ancak PDF'te olmayan bilgiyi "(Not: Bu bilgi doğrudan dokümanda geçmemektedir)" şeklinde belirt
+- Tamamen alakasız konularda "Bu konu dökümanın kapsamı dışındadır" de
+${SECURITY_RULES}`;
+
+const SYSTEM_INSTRUCTION_VIP_DETAILED = `Sen bir PDF döküman asistanı ve ders öğretmenisin. Bu döküman bir üniversite ders materyalidir. Kurallar:
+- Kullanıcının yazdığı dilde cevap ver
+- DETAYLI MOD AKTİF: Derin analiz, yapısal breakdown ve örneklerle zengin cevap ver
+- Kavramları bağlamına oturtarak öğretici yaklaşımla açıkla
+- Açıklamalarını örnekler ve analojilerle zenginleştir
+- Karşılaştırma tabloları, kavram haritaları, ezber teknikleri ve sınav stratejilerini uygun gördüğünde kullan
+- Matematiksel işlemleri adım adım çöz
 - Yanıtlarını madde, başlık ve yapısal format kullanarak düzenli sun
-- Karşılaştırma tabloları, kavram haritaları, ezber teknikleri ve sınav stratejilerini SADECE kullanıcı istediğinde ver
-- Kullanıcı "detaylı anlat", "daha fazla açıkla", "örnek ver" derse o zaman genişlet
-- Matematiksel işlemleri adım adım çöz, sadece kritik adımları göster
 - Bilgiyi doğrudan PDF'ten al, sayfa/bölüm numarası belirt
 - Dokümandaki konularla ilgili sorularda genel bilginle de destekle, ancak PDF'te olmayan bilgiyi "(Not: Bu bilgi doğrudan dokümanda geçmemektedir)" şeklinde belirt
 - Tamamen alakasız konularda "Bu konu dökümanın kapsamı dışındadır" de
@@ -113,7 +124,7 @@ function sanitizeHistoryText(text) {
 
 // Tier-based configuration
 const TIER_CONFIG = {
-	vip: { maxHistory: 30, maxOutputTokens: 4096, recentFullMessages: 6 },
+	vip: { maxHistory: 30, maxOutputTokens: 2048, detailedMaxOutputTokens: 4096, recentFullMessages: 6 },
 	premium: { maxHistory: 20, maxOutputTokens: 2048, recentFullMessages: 4 },
 };
 
@@ -249,7 +260,7 @@ function isSummaryRequest(question, history) {
 	return SUMMARY_PATTERNS.some((p) => p.test(question));
 }
 
-GeminiChat.chat = async function (filename, question, history, tier) {
+GeminiChat.chat = async function (filename, question, history, tier, detailMode) {
 	if (!ai) {
 		throw new Error('AI chat is not configured');
 	}
@@ -320,21 +331,30 @@ GeminiChat.chat = async function (filename, question, history, tier) {
 	];
 
 	// Use admin-configured prompt if set, otherwise fall back to defaults
-	let systemInstruction = tier === 'vip'
-		? (customPrompts.vip || SYSTEM_INSTRUCTION_VIP)
-		: (customPrompts.premium || SYSTEM_INSTRUCTION_PREMIUM);
+	let systemInstruction;
+	if (tier === 'vip') {
+		if (customPrompts.vip) {
+			systemInstruction = customPrompts.vip;
+		} else {
+			systemInstruction = detailMode ? SYSTEM_INSTRUCTION_VIP_DETAILED : SYSTEM_INSTRUCTION_VIP;
+		}
+	} else {
+		systemInstruction = customPrompts.premium || SYSTEM_INSTRUCTION_PREMIUM;
+	}
 
 	// Always append security rules if not already present (admin can't bypass)
 	if (!systemInstruction.includes('Güvenlik kuralları')) {
 		systemInstruction += '\n' + SECURITY_RULES;
 	}
 
+	const maxOutputTokens = (tier === 'vip' && detailMode) ? config.detailedMaxOutputTokens : config.maxOutputTokens;
+
 	const response = await ai.models.generateContent({
 		model: MODEL_NAME,
 		contents: fullContents,
 		config: {
 			systemInstruction,
-			maxOutputTokens: config.maxOutputTokens,
+			maxOutputTokens,
 		},
 	});
 
@@ -368,18 +388,20 @@ GeminiChat.chat = async function (filename, question, history, tier) {
 };
 
 // Generate AI-powered question suggestions for a PDF
-GeminiChat.generateSuggestions = async function (filename) {
+GeminiChat.generateSuggestions = async function (filename, tier) {
 	if (!ai) {
 		throw new Error('AI chat is not configured');
 	}
 
-	// Check cache
-	const cached = suggestionsCache.get(filename);
+	// Cache key includes tier (VIP gets 3, Premium gets 5)
+	const cacheKey = filename + '::' + (tier || 'premium');
+	const cached = suggestionsCache.get(cacheKey);
 	if (cached && Date.now() - cached.cachedAt < SUGGESTIONS_TTL) {
 		return cached.suggestions;
 	}
 
-	const pdfRef = await getOrUploadPdf(filename, 'premium');
+	const count = tier === 'vip' ? 3 : 5;
+	const pdfRef = await getOrUploadPdf(filename, tier || 'premium');
 	const pdfPart = pdfRef.type === 'fileData'
 		? { fileData: { fileUri: pdfRef.fileUri, mimeType: pdfRef.mimeType } }
 		: { inlineData: { mimeType: pdfRef.mimeType, data: pdfRef.data } };
@@ -391,7 +413,13 @@ GeminiChat.generateSuggestions = async function (filename) {
 				role: 'user',
 				parts: [
 					pdfPart,
-					{ text: 'Bu PDF dokümanı için kullanıcının sorabileceği 5 adet akıllı ve spesifik soru öner. Soruları JSON array formatında döndür, başka hiçbir şey yazma. Örnek: ["Soru 1?", "Soru 2?"]' },
+					{ text: `Bu PDF dokümanını analiz et. Kullanıcının sorabileceği ${count} adet SPESİFİK ve İÇERİĞE ÖZEL soru öner.
+Kurallar:
+- Her soru dokümandaki belirli bir kavram, bölüm veya bilgiye referans vermeli
+- "Bu döküman ne hakkında?" gibi genel sorular YASAK
+- Farklı açılardan sor: 1) özet/kapsam, 2) analiz/karşılaştırma, 3) uygulama/örnek
+- Soruları JSON array formatında döndür, başka hiçbir şey yazma
+Örnek: ["Soru 1?", "Soru 2?"]` },
 				],
 			},
 		],
@@ -414,13 +442,13 @@ GeminiChat.generateSuggestions = async function (filename) {
 		// Sanitize and limit
 		suggestions = suggestions
 			.filter(s => typeof s === 'string' && s.length > 0)
-			.slice(0, 5)
+			.slice(0, count)
 			.map(s => s.slice(0, 200));
 	} catch (err) {
 		// Fallback: return empty, client will keep defaults
 		suggestions = [];
 	}
 
-	suggestionsCache.set(filename, { suggestions, cachedAt: Date.now() });
+	suggestionsCache.set(cacheKey, { suggestions, cachedAt: Date.now() });
 	return suggestions;
 };

package/lib/nonce-store.js

@@ -53,18 +53,18 @@ NonceStore.validate = function (nonce, uid) {
 		return null;
 	}
 
-	// Delete immediately (single-use)
-	store.delete(nonce);
-
-	// Check UID match
+	// Validate BEFORE deleting — prevents DoS via nonce consumption with wrong UID
 	if (data.uid !== uid) {
 		return null;
 	}
 
 	// Check TTL
 	if (Date.now() - data.createdAt > NONCE_TTL) {
+		store.delete(nonce); // Expired, clean up
 		return null;
 	}
 
+	// All checks passed — delete now (single-use)
+	store.delete(nonce);
 	return data;  // Includes encKey and encIv for AES-256-GCM
 };

package/lib/pdf-handler.js

@@ -36,7 +36,6 @@ PdfHandler.resolveFilePath = function (filename) {
 	const uploadPath = nconf.get('upload_path') || path.join(nconf.get('base_dir'), 'public', 'uploads');
 	const filePath = path.join(uploadPath, 'files', safeName);
 
-	// Verify the resolved path is still within the upload directory
 	const resolvedPath = path.resolve(filePath);
 	const resolvedUploadDir = path.resolve(path.join(uploadPath, 'files'));
 	if (!resolvedPath.startsWith(resolvedUploadDir)) {

package/lib/topic-access.js

@@ -0,0 +1,96 @@
+'use strict';
+
+const privileges = require.main.require('./src/privileges');
+const topics = require.main.require('./src/topics');
+const posts = require.main.require('./src/posts');
+const groups = require.main.require('./src/groups');
+const db = require.main.require('./src/database');
+
+const TopicAccess = module.exports;
+
+/**
+ * Validate that a user has access to a PDF through a specific topic.
+ * Checks: 1) User can read the topic, 2) The PDF filename exists in the topic's posts.
+ * Admin/Global Moderators bypass all checks.
+ *
+ * @param {number} uid - User ID
+ * @param {number|string} tid - Topic ID
+ * @param {string} filename - Sanitized PDF filename (basename only)
+ * @returns {Promise<{allowed: boolean, reason?: string}>}
+ */
+TopicAccess.validate = async function (uid, tid, filename) {
+	// Require valid tid
+	tid = parseInt(tid, 10);
+	if (!tid || isNaN(tid) || tid <= 0) {
+		return { allowed: false, reason: 'Missing or invalid topic ID' };
+	}
+
+	try {
+		// Admin/Global Moderator bypass
+		const [isAdmin, isGlobalMod] = await Promise.all([
+			groups.isMember(uid, 'administrators'),
+			groups.isMember(uid, 'Global Moderators'),
+		]);
+		if (isAdmin || isGlobalMod) {
+			return { allowed: true };
+		}
+
+		// Check if user can read the topic (NodeBB privilege system)
+		const canRead = await privileges.topics.can('topics:read', tid, uid);
+		if (!canRead) {
+			return { allowed: false, reason: 'Access denied' };
+		}
+
+		// Verify the PDF filename exists in one of the topic's posts
+		const exists = await TopicAccess.pdfExistsInTopic(tid, filename);
+		if (!exists) {
+			return { allowed: false, reason: 'Access denied' };
+		}
+
+		return { allowed: true };
+	} catch (err) {
+		// DB error, topic not found, etc. — deny by default
+		return { allowed: false, reason: 'Access check failed' };
+	}
+};
+
+/**
+ * Check if a PDF filename is referenced in any post of a topic.
+ * Searches both the main post and all reply posts.
+ *
+ * @param {number} tid - Topic ID
+ * @param {string} filename - PDF filename to search for
+ * @returns {Promise<boolean>}
+ */
+TopicAccess.pdfExistsInTopic = async function (tid, filename) {
+	// Get the topic's main post ID
+	const topicData = await topics.getTopicFields(tid, ['mainPid']);
+	if (!topicData || !topicData.mainPid) {
+		return false;
+	}
+
+	// Get all post IDs in this topic (replies)
+	const replyPids = await db.getSortedSetRange('tid:' + tid + ':posts', 0, -1);
+	const allPids = [topicData.mainPid, ...replyPids].filter(Boolean);
+
+	if (allPids.length === 0) {
+		return false;
+	}
+
+	// Get raw content of all posts
+	const postsData = await posts.getPostsFields(allPids, ['content']);
+
+	// Escape filename for regex safety, also match URL-encoded variant
+	// (post content may store "Özel Döküman.pdf" as "%C3%96zel%20D%C3%B6k%C3%BCman.pdf")
+	const escaped = filename.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+	const encodedEscaped = encodeURIComponent(filename).replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+	const pattern = new RegExp('(' + escaped + '|' + encodedEscaped + ')', 'i');
+
+	for (const post of postsData) {
+		if (post && post.content && pattern.test(post.content)) {
+			return true;
+		}
+	}
+
+	return false;
+};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nodebb-plugin-pdf-secure2",
-  "version": "1.4.3",
+  "version": "1.4.4",
   "description": "Secure PDF viewer plugin for NodeBB - prevents downloading, enables canvas-only rendering with Premium group support",
   "main": "library.js",
   "repository": {

package/plugin.json

@@ -26,6 +26,10 @@
 		{
 			"hook": "filter:parse.post",
 			"method": "transformPdfLinks"
+		},
+		{
+			"hook": "filter:parse.raw",
+			"method": "transformPdfLinks"
 		}
 	],
 	"staticDirs": {

package/static/viewer.html

@@ -1079,6 +1079,108 @@
             margin-right: 2px;
         }
 
+        /* AI message action buttons (copy, regenerate) */
+        .chatMsgActions {
+            display: flex;
+            gap: 8px;
+            margin-top: 6px;
+            opacity: 0;
+            transition: opacity 0.15s;
+        }
+        .chatMsg.ai:hover .chatMsgActions { opacity: 1; }
+        .chatMsgAction {
+            background: none;
+            border: none;
+            color: var(--text-secondary);
+            font-size: 11px;
+            cursor: pointer;
+            display: flex;
+            align-items: center;
+            gap: 3px;
+            padding: 2px 4px;
+            border-radius: 4px;
+            transition: color 0.15s, background 0.15s;
+        }
+        .chatMsgAction:hover { color: var(--text-primary); background: rgba(255,255,255,0.08); }
+        .chatMsgAction.copied { color: #4ade80; }
+        .chatMsgAction svg { width: 12px; height: 12px; fill: currentColor; }
+
+        /* AI badge timestamp */
+        .aiBadgeTime { font-weight: 400; opacity: 0.6; }
+
+        /* Scroll to bottom button */
+        .chatScrollDown {
+            position: absolute;
+            bottom: 80px;
+            left: 50%;
+            transform: translateX(-50%);
+            width: 32px; height: 32px;
+            border-radius: 50%;
+            background: var(--bg-secondary);
+            border: 1px solid var(--border-color);
+            color: var(--text-primary);
+            font-size: 16px;
+            cursor: pointer;
+            opacity: 0;
+            pointer-events: none;
+            transition: opacity 0.2s;
+            z-index: 5;
+            display: flex;
+            align-items: center;
+            justify-content: center;
+        }
+        .chatScrollDown:hover { background: var(--bg-tertiary); }
+        .chatScrollDown.visible { opacity: 1; pointer-events: auto; }
+
+        /* Blockquote in AI messages */
+        .chatMsg blockquote {
+            border-left: 3px solid var(--accent);
+            margin: 6px 0;
+            padding: 4px 10px;
+            color: var(--text-secondary);
+            font-style: italic;
+            background: rgba(255,255,255,0.03);
+            border-radius: 0 4px 4px 0;
+        }
+        body[data-tier="vip"] .chatMsg blockquote { border-left-color: #ffd700; }
+
+        /* Table overflow scroll hint */
+        .chatMsg .tableWrap.scrollable::after {
+            content: '';
+            position: absolute;
+            top: 0; right: 0; bottom: 0;
+            width: 20px;
+            background: linear-gradient(to right, transparent, var(--bg-tertiary));
+            pointer-events: none;
+        }
+
+        /* Loading elapsed timer */
+        .chatLoadingElapsed { font-size: 10px; color: var(--text-secondary); opacity: 0.5; margin-left: 4px; }
+
+        /* Detail mode toggle */
+        .vipTipsRow { display: flex; justify-content: space-between; align-items: center; }
+        .detailToggle { display: flex; align-items: center; gap: 6px; cursor: pointer; user-select: none; }
+        .detailToggle input { display: none; }
+        .detailToggleSlider {
+            width: 28px; height: 16px;
+            background: rgba(255,255,255,0.15);
+            border-radius: 8px;
+            position: relative;
+            transition: background 0.2s;
+        }
+        .detailToggleSlider::after {
+            content: '';
+            position: absolute; left: 2px; top: 2px;
+            width: 12px; height: 12px;
+            background: var(--text-secondary);
+            border-radius: 50%;
+            transition: transform 0.2s, background 0.2s;
+        }
+        .detailToggle input:checked + .detailToggleSlider { background: rgba(255,215,0,0.3); }
+        .detailToggle input:checked + .detailToggleSlider::after { transform: translateX(12px); background: #ffd700; }
+        .detailToggleText { font-size: 10px; color: var(--text-secondary); font-weight: 500; transition: color 0.2s; }
+        .detailToggle input:checked ~ .detailToggleText { color: #ffd700; }
+
         /* Character counter */
         .chatCharCount {
             font-size: 10px;
@@ -3011,7 +3113,14 @@
             <button class="closeBtn" id="closeChatSidebar">&times;</button>
         </div>
         <div class="vipTipsBanner" id="vipTipsBanner">
-            <div class="vipTipsLabel">VIP — Benden isteyebileceklerin:</div>
+            <div class="vipTipsRow">
+                <div class="vipTipsLabel">VIP — Benden isteyebileceklerin:</div>
+                <label class="detailToggle" id="detailToggleLabel">
+                    <input type="checkbox" id="detailToggle">
+                    <span class="detailToggleSlider"></span>
+                    <span class="detailToggleText">Detaylı</span>
+                </label>
+            </div>
             <div class="vipTipsItems">
                 <span class="vipTip">detayli aciklama</span>
                 <span class="vipTip">ornek ver</span>
@@ -3021,6 +3130,7 @@
             </div>
         </div>
         <div id="chatMessages"></div>
+        <button id="chatScrollDown" class="chatScrollDown">&#x2193;</button>
         <div class="chatCharCount" id="chatCharCount"></div>
         <div class="chatQuotaBar" id="chatQuotaBar">
             <div class="chatQuotaTrack"><div class="chatQuotaFill" id="chatQuotaFill"></div></div>
@@ -3976,6 +4086,17 @@
                 document.body.setAttribute('data-tier', 'vip');
             }
 
+            // Detail mode toggle (VIP only)
+            var chatDetailMode = false;
+            var detailToggleEl = document.getElementById('detailToggle');
+            if (chatIsVip && detailToggleEl) {
+                try { chatDetailMode = localStorage.getItem('pdfChat_detailMode') === 'true'; detailToggleEl.checked = chatDetailMode; } catch (e) { /* localStorage unavailable */ }
+                detailToggleEl.addEventListener('change', function () {
+                    chatDetailMode = detailToggleEl.checked;
+                    try { localStorage.setItem('pdfChat_detailMode', String(chatDetailMode)); } catch (e) { /* ignore */ }
+                });
+            }
+
             // Non-premium: hide input area entirely and show PRO badge
             if (!chatIsPremium) {
                 document.getElementById('chatInputArea').style.display = 'none';
@@ -4010,6 +4131,18 @@
                 };
             }
 
+            // Scroll-to-bottom button
+            var chatScrollDownBtn = document.getElementById('chatScrollDown');
+            if (chatScrollDownBtn) {
+                chatMessagesEl.addEventListener('scroll', function () {
+                    var atBottom = chatMessagesEl.scrollHeight - chatMessagesEl.scrollTop - chatMessagesEl.clientHeight < 60;
+                    chatScrollDownBtn.classList.toggle('visible', !atBottom);
+                });
+                chatScrollDownBtn.onclick = function () {
+                    chatMessagesEl.scrollTo({ top: chatMessagesEl.scrollHeight, behavior: 'smooth' });
+                };
+            }
+
             // MutationObserver: prevent dangerous elements in chat (DevTools injection defense)
             var dangerousTags = ['A', 'SCRIPT', 'IFRAME', 'FORM', 'OBJECT', 'EMBED', 'LINK'];
             new MutationObserver(function (mutations) {
@@ -4067,7 +4200,7 @@
                     var prompt = vipTipPrompts[chip.textContent.trim()];
                     if (prompt && chatInputEl) {
                         chatInputEl.value = prompt;
-                        chatInputEl.focus();
+                        sendChatMessage();
                     }
                 };
             });
@@ -4160,6 +4293,17 @@
                         i++; continue;
                     }
 
+                    // Blockquote: > text
+                    if (trimmed.startsWith('> ')) {
+                        flushPara();
+                        var bq = document.createElement('blockquote');
+                        var bqTokens = tokenizeInline(trimmed.slice(2));
+                        for (var t = 0; t < bqTokens.length; t++) bq.appendChild(bqTokens[t]);
+                        parent.appendChild(bq);
+                        hasOutput = true;
+                        i++; continue;
+                    }
+
                     // Header: # ## ### ####
                     var hMatch = trimmed.match(/^(#{1,4})\s+(.+)/);
                     if (hMatch) {
@@ -4188,6 +4332,14 @@
                                 wrap.className = 'tableWrap';
                                 wrap.appendChild(table);
                                 wrap.appendChild(createCopyBtn(tableToText(table)));
+                                // Detect horizontal overflow for scroll hint
+                                requestAnimationFrame(function () {
+                                    if (wrap.scrollWidth > wrap.clientWidth) wrap.classList.add('scrollable');
+                                });
+                                wrap.addEventListener('scroll', function () {
+                                    var atEnd = wrap.scrollLeft + wrap.clientWidth >= wrap.scrollWidth - 5;
+                                    wrap.classList.toggle('scrollable', !atEnd);
+                                });
                                 parent.appendChild(wrap);
                                 hasOutput = true;
                                 i = j; continue;
@@ -4451,6 +4603,18 @@
                             continue;
                         }
                     }
+                    // Strikethrough: ~~...~~
+                    if (line[i] === '~' && line[i + 1] === '~') {
+                        var endS = line.indexOf('~~', i + 2);
+                        if (endS !== -1 && endS - i < 5002) {
+                            flushBuf();
+                            var del = document.createElement('del');
+                            del.textContent = line.slice(i + 2, endS);
+                            nodes.push(del);
+                            i = endS + 2;
+                            continue;
+                        }
+                    }
                     buf += line[i];
                     i++;
                 }
@@ -4472,6 +4636,11 @@
                 svg.appendChild(path);
                 badge.appendChild(svg);
                 badge.appendChild(document.createTextNode(' AI'));
+                var ts = document.createElement('span');
+                ts.className = 'aiBadgeTime';
+                var now = new Date();
+                ts.textContent = ' \u2022 ' + now.getHours().toString().padStart(2, '0') + ':' + now.getMinutes().toString().padStart(2, '0');
+                badge.appendChild(ts);
                 return badge;
             }
 
@@ -4487,6 +4656,32 @@
                     }
                     msg.appendChild(createAiBadge());
                     msg.appendChild(renderMarkdownSafe(text));
+
+                    // Action buttons (regenerate)
+                    var actions = document.createElement('div');
+                    actions.className = 'chatMsgActions';
+
+                    var regenBtn = document.createElement('button');
+                    regenBtn.className = 'chatMsgAction';
+                    regenBtn.innerHTML = '<svg viewBox="0 0 24 24"><path d="M17.65 6.35A7.958 7.958 0 0012 4c-4.42 0-7.99 3.58-7.99 8s3.57 8 7.99 8c3.73 0 6.84-2.55 7.73-6h-2.08A5.99 5.99 0 0112 18c-3.31 0-6-2.69-6-6s2.69-6 6-6c1.66 0 3.14.69 4.22 1.78L13 11h7V4l-2.35 2.35z"/></svg> Tekrar sor';
+                    regenBtn.onclick = function () {
+                        if (chatHistory.length >= 2) {
+                            var lastQ = chatHistory[chatHistory.length - 2];
+                            if (lastQ.role === 'user') {
+                                chatHistory.pop();
+                                chatHistory.pop();
+                                var msgs = chatMessagesEl.querySelectorAll('.chatMsg');
+                                if (msgs.length >= 2) {
+                                    msgs[msgs.length - 1].remove();
+                                    msgs[msgs.length - 2].remove();
+                                }
+                                chatInputEl.value = lastQ.text;
+                                sendChatMessage();
+                            }
+                        }
+                    };
+                    actions.appendChild(regenBtn);
+                    msg.appendChild(actions);
                 } else if (role === 'user') {
                     var now = new Date();
                     var timeStr = now.getHours().toString().padStart(2, '0') + ':' + now.getMinutes().toString().padStart(2, '0');
@@ -4504,18 +4699,34 @@
             }
 
             function showChatLoading() {
-                const msg = document.createElement('div');
+                var loadText = chatDetailMode ? 'Detayl\u0131 analiz haz\u0131rlan\u0131yor' : 'D\u00fc\u015f\u00fcn\u00fcyor';
+                var msg = document.createElement('div');
                 msg.className = 'chatMsg ai chatLoading';
                 msg.id = 'chatLoadingMsg';
-                msg.innerHTML = '<span class="chatLoadingText">Düşünüyor</span><span class="chatLoadingDots"><span>.</span><span>.</span><span>.</span></span>';
+                msg.innerHTML = '<span class="chatLoadingText">' + loadText + '</span><span class="chatLoadingDots"><span>.</span><span>.</span><span>.</span></span>';
+                var elapsed = document.createElement('span');
+                elapsed.className = 'chatLoadingElapsed';
+                elapsed.style.display = 'none';
+                msg.appendChild(elapsed);
+                var startTime = Date.now();
+                msg._timer = setInterval(function () {
+                    var secs = Math.floor((Date.now() - startTime) / 1000);
+                    if (secs >= 5) {
+                        elapsed.style.display = '';
+                        elapsed.textContent = '(' + secs + 's)';
+                    }
+                }, 1000);
                 chatMessagesEl.appendChild(msg);
                 chatMessagesEl.scrollTop = chatMessagesEl.scrollHeight;
                 return msg;
             }
 
             function removeChatLoading() {
-                const el = document.getElementById('chatLoadingMsg');
-                if (el) el.remove();
+                var el = document.getElementById('chatLoadingMsg');
+                if (el) {
+                    if (el._timer) clearInterval(el._timer);
+                    el.remove();
+                }
             }
 
             // Quota usage bar
@@ -4626,9 +4837,14 @@
                     suggestions.appendChild(chip);
                 });
 
-                // Trigger AI suggestions on hover/focus of the suggestions area (lazy)
-                suggestions.addEventListener('mouseenter', loadAiSuggestions, { once: true });
-                suggestions.addEventListener('focusin', loadAiSuggestions, { once: true });
+                // VIP: auto-load context-aware suggestions immediately
+                // Premium: lazy-load on hover/focus (avoids unnecessary API calls)
+                if (chatIsVip) {
+                    setTimeout(loadAiSuggestions, 0);
+                } else {
+                    suggestions.addEventListener('mouseenter', loadAiSuggestions, { once: true });
+                    suggestions.addEventListener('focusin', loadAiSuggestions, { once: true });
+                }
 
                 chatMessagesEl.appendChild(suggestions);
                 chatMessagesEl.scrollTop = chatMessagesEl.scrollHeight;
@@ -4815,6 +5031,7 @@
                             filename: _cfg.filename,
                             question: question,
                             history: chatHistory,
+                            detailMode: chatDetailMode,
                         }),
                     });