omnikey-cli 1.0.25 → 1.0.26

package/backend-dist/agent/agentAuth.js

@@ -21,6 +21,10 @@ const authMiddleware_1 = require("../authMiddleware");
  * @returns The authenticated `Subscription`, or `null` if authentication fails for any reason.
  */
 async function authenticateFromAuthHeader(authHeader, log) {
+    if (config_1.config.blockSaas) {
+        log.warn('Blocking SaaS access: rejecting agent WebSocket connection due to BLOCK_SAAS=true');
+        return null;
+    }
     if (config_1.config.isSelfHosted) {
         log.info('Self-hosted mode: skipping JWT authentication for agent WebSocket connection.');
         try {

package/backend-dist/agent/agentServer.js

@@ -37,16 +37,20 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.attachAgentWebSocketServer = attachAgentWebSocketServer;
+exports.createAgentRouter = createAgentRouter;
+const express_1 = __importDefault(require("express"));
 const ws_1 = __importStar(require("ws"));
 const cuid_1 = __importDefault(require("cuid"));
 const config_1 = require("../config");
 const logger_1 = require("../logger");
 const subscription_1 = require("../models/subscription");
 const subscriptionUsage_1 = require("../models/subscriptionUsage");
+const agentSession_1 = require("../models/agentSession");
 const agentPrompts_1 = require("./agentPrompts");
 const featureRoutes_1 = require("../featureRoutes");
 const web_search_provider_1 = require("../web-search/web-search-provider");
 const agentAuth_1 = require("./agentAuth");
+const authMiddleware_1 = require("../authMiddleware");
 const utils_1 = require("./utils");
 const ai_client_1 = require("../ai-client");
 async function runToolLoop(initialResult, session, sessionId, send, log, tools, onUsage) {
@@ -137,12 +141,55 @@ async function runToolLoop(initialResult, session, sessionId, send, log, tools,
     return result;
 }
 const aiModel = (0, ai_client_1.getDefaultModel)(config_1.config.aiProvider, 'smart');
+// In-memory cache: sessionId -> live SessionState. Hydrated from DB on first
+// access and written back after each turn so restarts resume correctly.
 const sessionMessages = new Map();
 const MAX_TURNS = 10;
+// ─── DB helpers ───────────────────────────────────────────────────────────────
+async function persistSessionToDB(sessionId, state) {
+    try {
+        const historyJson = JSON.stringify(state.history);
+        await agentSession_1.AgentSession.update({
+            historyJson,
+            turns: state.turns,
+            lastActiveAt: new Date(),
+        }, { where: { id: sessionId } });
+    }
+    catch (err) {
+        logger_1.logger.error('Failed to persist agent session to DB', { sessionId, error: err });
+    }
+}
+// Maximum number of sessions stored per subscription. When this limit is
+// exceeded the oldest sessions (by lastActiveAt) are pruned automatically.
+const SESSION_CAP = 50;
+async function enforceSessionCap(subscriptionId, logger) {
+    try {
+        const count = await agentSession_1.AgentSession.count({ where: { subscriptionId } });
+        if (count <= SESSION_CAP)
+            return;
+        const excess = count - SESSION_CAP;
+        const oldest = await agentSession_1.AgentSession.findAll({
+            where: { subscriptionId },
+            order: [['last_active_at', 'ASC']],
+            limit: excess,
+            attributes: ['id'],
+        });
+        const ids = oldest.map((s) => s.id);
+        await agentSession_1.AgentSession.destroy({ where: { id: ids } });
+        logger.info('Pruned oldest agent sessions to enforce cap', {
+            subscriptionId,
+            pruned: ids.length,
+        });
+    }
+    catch (err) {
+        logger.error('Failed to enforce agent session cap', { subscriptionId, error: err });
+    }
+}
 async function getOrCreateSession(sessionId, subscription, platform, log) {
+    // 1. Return the live in-memory entry if already loaded this process lifetime.
     const existing = sessionMessages.get(sessionId);
     if (existing) {
-        log.debug('Reusing existing agent session', {
+        log.debug('Reusing existing agent session (in-memory)', {
             sessionId,
             subscriptionId: existing.subscription.id,
             turns: existing.turns,
@@ -151,10 +198,42 @@ async function getOrCreateSession(sessionId, subscription, platform, log) {
             sessionState: existing,
             hasStoredPrompt: existing.history
                 .filter((h) => h.role === 'user')
-                .some((h) => h.content.includes('<stored_instructions>')),
+                .some((h) => typeof h.content === 'string' && h.content.includes('<stored_instructions>')),
         };
     }
-    // use these instructions as user instructions
+    // 2. Try to resume from a persisted DB record.
+    try {
+        const dbSession = await agentSession_1.AgentSession.findOne({
+            where: { id: sessionId, subscriptionId: subscription.id },
+        });
+        if (dbSession) {
+            const history = JSON.parse(dbSession.historyJson);
+            const entry = {
+                subscription,
+                history,
+                turns: dbSession.turns,
+            };
+            sessionMessages.set(sessionId, entry);
+            log.info('Resumed agent session from DB', {
+                sessionId,
+                subscriptionId: subscription.id,
+                turns: entry.turns,
+            });
+            return {
+                sessionState: entry,
+                hasStoredPrompt: history
+                    .filter((h) => h.role === 'user')
+                    .some((h) => typeof h.content === 'string' && h.content.includes('<stored_instructions>')),
+            };
+        }
+    }
+    catch (err) {
+        log.error('Failed to load agent session from DB; creating a fresh one', {
+            sessionId,
+            error: err,
+        });
+    }
+    // 3. Create a brand-new session in-memory and persist it to the DB.
     const prompt = await (0, featureRoutes_1.getPromptForCommand)(log, 'task', subscription).catch((err) => {
         log.error('Failed to get system prompt for new agent session', { error: err });
         return '';
@@ -185,6 +264,23 @@ ${prompt}
         turns: 0,
     };
     sessionMessages.set(sessionId, entry);
+    // Persist immediately so that GET /sessions picks it up right away.
+    try {
+        await agentSession_1.AgentSession.create({
+            id: sessionId,
+            subscriptionId: subscription.id,
+            title: 'New Session',
+            platform: platform ?? null,
+            historyJson: JSON.stringify(entry.history),
+            turns: 0,
+            lastActiveAt: new Date(),
+        });
+        // Prune oldest sessions after each creation so the cap is always respected.
+        void enforceSessionCap(subscription.id, log);
+    }
+    catch (err) {
+        log.error('Failed to create agent session in DB', { sessionId, error: err });
+    }
     log.info('Created new agent session', {
         sessionId,
         subscriptionId: subscription.id,
@@ -243,6 +339,16 @@ async function runAgentTurn(sessionId, subscription, clientMessage, send, log) {
                 ? userContent
                 : `<user_input>${(0, utils_1.createUserContent)(userContent, hasStoredPrompt)}</user_input>`,
         });
+        // Use the first real user message (turn 1) as the session title.
+        if (session.turns === 1 && !isAssistance) {
+            const rawInput = clientMessage.content || '';
+            const titleSlug = rawInput.trim().slice(0, 60).replace(/\s+/g, ' ');
+            if (titleSlug) {
+                agentSession_1.AgentSession.update({ title: titleSlug }, { where: { id: sessionId } }).catch((err) => {
+                    log.error('Failed to update agent session title', { sessionId, error: err });
+                });
+            }
+        }
     }
     // On the final turn we omit tools so the model is forced to emit a
     // plain text <final_answer> rather than issuing another tool call.
@@ -250,7 +356,20 @@ async function runAgentTurn(sessionId, subscription, clientMessage, send, log) {
     const tools = isFinalTurn ? undefined : (0, utils_1.buildAvailableTools)();
     const recordUsage = async (result) => {
         const usage = result.usage;
-        if (!usage || !subscription.id || config_1.config.isSelfHosted)
+        if (!usage)
+            return;
+        // Always update the per-session token counters in the DB.
+        try {
+            await agentSession_1.AgentSession.increment({
+                promptTokensUsed: usage.prompt_tokens,
+                completionTokensUsed: usage.completion_tokens,
+                totalTokensUsed: usage.total_tokens,
+            }, { where: { id: sessionId } });
+        }
+        catch (err) {
+            log.error('Failed to update agent session token usage', { sessionId, error: err });
+        }
+        if (!subscription.id || config_1.config.isSelfHosted)
             return;
         try {
             await subscriptionUsage_1.SubscriptionUsage.create({
@@ -290,8 +409,8 @@ async function runAgentTurn(sessionId, subscription, clientMessage, send, log) {
             log.warn('Agent LLM returned empty content; sending generic error to client.');
             const errorMessage = 'The agent returned an empty response. Please try again.';
             (0, utils_1.sendFinalAnswer)(send, sessionId, errorMessage, true);
-            // Clear any cached session state so a subsequent attempt can
-            // start fresh without a polluted history.
+            // Evict from the in-memory cache; the DB record is kept so the session
+            // appears in the list and can be retried or deleted by the user.
             sessionMessages.delete(sessionId);
             return;
         }
@@ -398,6 +517,7 @@ async function runAgentTurn(sessionId, subscription, clientMessage, send, log) {
                 sender: 'agent',
                 content: hasFinalAnswerTag ? content : `<final_answer>\n${content}\n</final_answer>`,
             });
+            await persistSessionToDB(sessionId, session);
             sessionMessages.delete(sessionId);
         }
         else if (content) {
@@ -416,6 +536,7 @@ async function runAgentTurn(sessionId, subscription, clientMessage, send, log) {
                 sender: 'agent',
                 content: `<final_answer>\n${content}\n</final_answer>`,
             });
+            await persistSessionToDB(sessionId, session);
             sessionMessages.delete(sessionId);
         }
         else {
@@ -423,6 +544,7 @@ async function runAgentTurn(sessionId, subscription, clientMessage, send, log) {
                 sessionId,
             });
             (0, utils_1.sendFinalAnswer)(send, sessionId, 'The agent returned an empty response. Please try again.', true);
+            // Evict from in-memory cache; DB record is preserved.
             sessionMessages.delete(sessionId);
         }
     }
@@ -430,8 +552,8 @@ async function runAgentTurn(sessionId, subscription, clientMessage, send, log) {
         log.error('Agent LLM call failed', { error: err });
         const errorMessage = 'Agent failed to call language model. Please try again later.';
         (0, utils_1.sendFinalAnswer)(send, sessionId, errorMessage, true);
-        // Clear any cached session state so a subsequent attempt can
-        // start fresh without being polluted by a failed turn.
+        // Evict from in-memory cache; DB record is preserved so the user can
+        // review or delete the session from the client.
         sessionMessages.delete(sessionId);
     }
 }
@@ -504,3 +626,125 @@ function attachAgentWebSocketServer(server) {
     logger_1.logger.info('Agent WebSocket server attached at path /ws/omni-agent');
     return wss;
 }
+// ─── REST router ─────────────────────────────────────────────────────────────
+// Exposes agent session management endpoints that the macOS (and Windows)
+// clients can call over plain HTTP before/during a session.
+function createAgentRouter() {
+    const router = express_1.default.Router();
+    // Apply auth to every route in this router.
+    router.use(authMiddleware_1.authMiddleware);
+    // GET /api/agent/sessions
+    // Returns the most recent 50 sessions for the authenticated subscription,
+    // ordered by last activity descending.
+    router.get('/sessions', async (req, res) => {
+        const { subscription, logger: log } = res.locals;
+        try {
+            const sessions = await agentSession_1.AgentSession.findAll({
+                where: { subscriptionId: subscription.id },
+                order: [['last_active_at', 'DESC']],
+                limit: 50,
+                attributes: [
+                    'id',
+                    'title',
+                    'platform',
+                    'turns',
+                    'totalTokensUsed',
+                    'promptTokensUsed',
+                    'completionTokensUsed',
+                    'lastActiveAt',
+                    'createdAt',
+                    'updatedAt',
+                ],
+            });
+            res.json(sessions.map((s) => ({
+                id: s.id,
+                title: s.title,
+                platform: s.platform,
+                turns: s.turns,
+                totalTokensUsed: Number(s.totalTokensUsed),
+                promptTokensUsed: Number(s.promptTokensUsed),
+                completionTokensUsed: Number(s.completionTokensUsed),
+                remainingContextTokens: Math.max(0, utils_1.MAX_HISTORY_TOTAL - Number(s.totalTokensUsed)),
+                contextBudget: utils_1.MAX_HISTORY_TOTAL,
+                lastActiveAt: s.lastActiveAt,
+                createdAt: s.createdAt,
+                updatedAt: s.updatedAt,
+            })));
+        }
+        catch (err) {
+            log.error('Failed to list agent sessions', { error: err });
+            res.status(500).json({ error: 'Internal server error' });
+        }
+    });
+    // DELETE /api/agent/sessions/:sessionId
+    // Allows the client to explicitly delete a session and its stored history.
+    router.delete('/sessions/:sessionId', async (req, res) => {
+        const { subscription, logger: log } = res.locals;
+        const { sessionId } = req.params;
+        if (!sessionId || typeof sessionId !== 'string' || sessionId.length > 128) {
+            res.status(400).json({ error: 'Invalid session ID' });
+            return;
+        }
+        try {
+            const deleted = await agentSession_1.AgentSession.destroy({
+                where: { id: sessionId, subscriptionId: subscription.id },
+            });
+            if (deleted === 0) {
+                res.status(404).json({ error: 'Session not found' });
+                return;
+            }
+            // Also remove from the in-memory cache if it was loaded.
+            sessionMessages.delete(sessionId);
+            res.status(200).json({ deleted: true });
+        }
+        catch (err) {
+            log.error('Failed to delete agent session', { sessionId, error: err });
+            res.status(500).json({ error: 'Internal server error' });
+        }
+    });
+    // GET /api/agent/sessions/:sessionId/context
+    // Returns token usage and remaining context budget for a single session.
+    router.get('/sessions/:sessionId/context', async (req, res) => {
+        const { subscription, logger: log } = res.locals;
+        const { sessionId } = req.params;
+        // Validate that sessionId is a well-formed non-empty string (no path traversal).
+        if (!sessionId || typeof sessionId !== 'string' || sessionId.length > 128) {
+            res.status(400).json({ error: 'Invalid session ID' });
+            return;
+        }
+        try {
+            const session = await agentSession_1.AgentSession.findOne({
+                where: { id: sessionId, subscriptionId: subscription.id },
+                attributes: [
+                    'id',
+                    'title',
+                    'turns',
+                    'totalTokensUsed',
+                    'promptTokensUsed',
+                    'completionTokensUsed',
+                    'lastActiveAt',
+                ],
+            });
+            if (!session) {
+                res.status(404).json({ error: 'Session not found' });
+                return;
+            }
+            res.json({
+                id: session.id,
+                title: session.title,
+                turns: session.turns,
+                totalTokensUsed: Number(session.totalTokensUsed),
+                promptTokensUsed: Number(session.promptTokensUsed),
+                completionTokensUsed: Number(session.completionTokensUsed),
+                remainingContextTokens: Math.max(0, utils_1.MAX_HISTORY_TOTAL - Number(session.totalTokensUsed)),
+                contextBudget: utils_1.MAX_HISTORY_TOTAL,
+                lastActiveAt: session.lastActiveAt,
+            });
+        }
+        catch (err) {
+            log.error('Failed to fetch agent session context', { error: err });
+            res.status(500).json({ error: 'Internal server error' });
+        }
+    });
+    return router;
+}

package/backend-dist/agent/utils.js

@@ -1,5 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.MAX_HISTORY_TOTAL = void 0;
 exports.buildAvailableTools = buildAvailableTools;
 exports.createUserContent = createUserContent;
 exports.sendFinalAnswer = sendFinalAnswer;
@@ -60,7 +61,7 @@ function sendFinalAnswer(send, sessionId, message, isError) {
 const MAX_MESSAGE_CONTENT = (0, ai_client_1.getMaxMessageContentLength)(config_1.config.aiProvider);
 // Total character budget across all history messages (derived from the
 // provider's context-window size minus headroom for output + system prompt).
-const MAX_HISTORY_TOTAL = (0, ai_client_1.getMaxHistoryLength)(config_1.config.aiProvider);
+exports.MAX_HISTORY_TOTAL = (0, ai_client_1.getMaxHistoryLength)(config_1.config.aiProvider);
 const FINAL_ANSWER_REQUEST = {
     role: 'user',
     content: 'Content was truncated because a length limit was reached. ' +
@@ -91,7 +92,7 @@ function pushToSessionHistory(logger, session, message) {
     }
     // 2. Total history length limit.
     const currentTotal = session.history.reduce((acc, msg) => acc + (typeof msg.content === 'string' ? msg.content.length : 0), 0);
-    const remaining = MAX_HISTORY_TOTAL - currentTotal;
+    const remaining = exports.MAX_HISTORY_TOTAL - currentTotal;
     if (content.length > remaining) {
         content = content.slice(0, Math.max(0, remaining - FINAL_ANSWER_REQUEST.content.length));
         limitHit = true;

package/backend-dist/authMiddleware.js

@@ -32,6 +32,10 @@ async function selfHostedSubscription() {
 async function authMiddleware(req, res, next) {
     const authHeader = req.headers.authorization;
     logger_1.logger.defaultMeta = { traceId: (0, crypto_1.randomUUID)() };
+    if (config_1.config.blockSaas) {
+        logger_1.logger.warn('Blocking SaaS access: rejecting request due to BLOCK_SAAS=true');
+        return res.status(403).json({ error: 'SaaS access is blocked.' });
+    }
     if (config_1.config.isSelfHosted || !config_1.config.jwtSecret) {
         logger_1.logger.info('Self-hosted mode: skipping auth middleware.');
         if (config_1.config.isSelfHosted) {

package/backend-dist/config.js

@@ -92,4 +92,5 @@ exports.config = {
     tavilyApiKey: getEnv('TAVILY_API_KEY', false),
     searxngUrl: getEnv('SEARXNG_URL', false),
     terminalPlatform: getEnv('TERMINAL_PLATFORM', false),
+    blockSaas: getBooleanEnv('BLOCK_SAAS', false),
 };

package/backend-dist/db.js

@@ -14,6 +14,13 @@ if (config_1.config.isSelfHosted) {
         logging: config_1.config.dbLogging ? console.log : false,
     });
 }
+else if (config_1.config.blockSaas) {
+    exports.sequelize = sequelize = new sequelize_1.Sequelize({
+        dialect: 'sqlite',
+        storage: ':memory:',
+        logging: false,
+    });
+}
 else if (config_1.config.databaseUrl) {
     // Use Postgres for cloud/hosted
     exports.sequelize = sequelize = new sequelize_1.Sequelize(config_1.config.databaseUrl, {

package/backend-dist/index.js

@@ -15,7 +15,8 @@ const logger_1 = require("./logger");
 const taskInstructionRoutes_1 = require("./taskInstructionRoutes");
 const config_1 = require("./config");
 const agentServer_1 = require("./agent/agentServer");
-const appDownload_1 = require("./models/appDownload");
+// Importing AgentSession ensures the model is registered with Sequelize before initDatabase().
+require("./models/agentSession");
 const app = (0, express_1.default)();
 const PORT = Number(config_1.config.port);
 app.set('trust proxy', 1);
@@ -26,20 +27,13 @@ app.use(express_1.default.static(path_1.default.join(process.cwd(), 'public')));
 app.use('/api/subscription', (0, subscriptionRoutes_1.createSubscriptionRouter)(logger_1.logger));
 app.use('/api/feature', (0, featureRoutes_1.createFeatureRouter)());
 app.use('/api/instructions', (0, taskInstructionRoutes_1.taskInstructionRouter)());
+app.use('/api/agent', (0, agentServer_1.createAgentRouter)());
 app.get('/macos/download', (_req, res) => {
     const dmgPath = path_1.default.join(process.cwd(), 'macOS', 'OmniKeyAI.dmg');
     if (!fs_1.default.existsSync(dmgPath)) {
         res.status(404).send('File not found.');
         return;
     }
-    if (!config_1.config.isSelfHosted) {
-        appDownload_1.AppDownload.findOrCreate({
-            where: { platform: 'macos' },
-            defaults: { platform: 'macos', count: 0 },
-        })
-            .then(([record]) => record.increment('count'))
-            .catch((err) => logger_1.logger.error('Failed to increment macOS download count.', { error: err }));
-    }
     res.set({
         'Content-Type': 'application/octet-stream',
         'Content-Disposition': 'attachment; filename="OmniKeyAI.dmg"',
@@ -74,8 +68,8 @@ app.get('/macos/appcast', (req, res) => {
     const appcastUrl = `${baseUrl}/macos/appcast`;
     // These should match the values embedded into the macOS app
     // Info.plist in macOS/build_release_dmg.sh.
-    const bundleVersion = '19';
-    const shortVersion = '1.0.18';
+    const bundleVersion = '20';
+    const shortVersion = '1.0.19';
     const xml = `<?xml version="1.0" encoding="utf-8"?>
 <rss version="2.0"
      xmlns:sparkle="http://www.andymatuschak.org/xml-namespaces/sparkle"
@@ -113,14 +107,6 @@ app.get('/windows/download', (_req, res) => {
         res.status(404).send('File not found.');
         return;
     }
-    if (!config_1.config.isSelfHosted) {
-        appDownload_1.AppDownload.findOrCreate({
-            where: { platform: 'windows' },
-            defaults: { platform: 'windows', count: 0 },
-        })
-            .then(([record]) => record.increment('count'))
-            .catch((err) => logger_1.logger.error('Failed to increment Windows download count.', { error: err }));
-    }
     res.set({
         'Content-Type': 'application/zip',
         'Content-Disposition': `attachment; filename="${WIN_ZIP_FILENAME}"`,
@@ -155,11 +141,6 @@ app.get('/windows/update', (req, res) => {
         releaseNotes: '',
     });
 });
-app.get('/api/downloads', async (_req, res) => {
-    const rows = await appDownload_1.AppDownload.findAll({ where: { platform: ['macos', 'windows'] } });
-    const find = (p) => Number(rows.find((r) => r.platform === p)?.count ?? 0);
-    res.json({ macos: find('macos'), windows: find('windows') });
-});
 app.get('/health', (_req, res) => {
     res.json({ status: 'ok' });
 });

package/backend-dist/models/agentSession.js

@@ -0,0 +1,80 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AgentSession = void 0;
+const sequelize_1 = require("sequelize");
+const cuid_1 = __importDefault(require("cuid"));
+const db_1 = require("../db");
+const subscription_1 = require("./subscription");
+class AgentSession extends sequelize_1.Model {
+}
+exports.AgentSession = AgentSession;
+AgentSession.init({
+    id: {
+        type: sequelize_1.DataTypes.STRING,
+        primaryKey: true,
+        allowNull: false,
+        defaultValue: () => (0, cuid_1.default)(),
+    },
+    subscriptionId: {
+        type: sequelize_1.DataTypes.STRING,
+        allowNull: false,
+        field: 'subscription_id',
+        references: {
+            model: subscription_1.Subscription,
+            key: 'id',
+        },
+        onUpdate: 'CASCADE',
+        onDelete: 'CASCADE',
+    },
+    title: {
+        type: sequelize_1.DataTypes.STRING,
+        allowNull: false,
+        defaultValue: 'New Session',
+    },
+    platform: {
+        type: sequelize_1.DataTypes.STRING,
+        allowNull: true,
+    },
+    historyJson: {
+        type: sequelize_1.DataTypes.TEXT,
+        allowNull: false,
+        defaultValue: '[]',
+        field: 'history_json',
+    },
+    turns: {
+        type: sequelize_1.DataTypes.INTEGER,
+        allowNull: false,
+        defaultValue: 0,
+    },
+    promptTokensUsed: {
+        type: sequelize_1.DataTypes.BIGINT,
+        allowNull: false,
+        defaultValue: 0,
+        field: 'prompt_tokens_used',
+    },
+    completionTokensUsed: {
+        type: sequelize_1.DataTypes.BIGINT,
+        allowNull: false,
+        defaultValue: 0,
+        field: 'completion_tokens_used',
+    },
+    totalTokensUsed: {
+        type: sequelize_1.DataTypes.BIGINT,
+        allowNull: false,
+        defaultValue: 0,
+        field: 'total_tokens_used',
+    },
+    lastActiveAt: {
+        type: sequelize_1.DataTypes.DATE,
+        allowNull: false,
+        defaultValue: sequelize_1.DataTypes.NOW,
+        field: 'last_active_at',
+    },
+}, {
+    sequelize: db_1.sequelize,
+    tableName: 'agent_sessions',
+    indexes: [{ fields: ['subscription_id'] }],
+});

package/backend-dist/subscriptionRoutes.js

@@ -77,6 +77,10 @@ function createSubscriptionRouter(logger) {
     router.post('/activate', async (req, res) => {
         logger.defaultMeta = { traceId: (0, crypto_1.randomUUID)() };
         logger.info('Handling subscription activation request using user key.');
+        if (config_1.config.blockSaas) {
+            logger.warn('Blocking SaaS access: rejecting subscription activation due to BLOCK_SAAS=true');
+            return res.status(403).json({ error: 'SaaS access is blocked.' });
+        }
         try {
             const body = zod_1.default.custom().parse(req.body);
             const subscription = config_1.config.isSelfHosted

package/backend-dist/taskInstructionRoutes.js

@@ -39,14 +39,6 @@ function taskInstructionRouter() {
     router.post('/templates', authMiddleware_1.authMiddleware, async (req, res) => {
         const { logger, subscription } = res.locals;
         try {
-            const existingCount = await subscriptionTaskTemplate_1.SubscriptionTaskTemplate.count({
-                where: { subscriptionId: subscription.id },
-            });
-            if (existingCount >= 5) {
-                return res
-                    .status(400)
-                    .json({ error: 'You can save up to 5 task templates per subscription.' });
-            }
             const parseResult = taskTemplateSchema.parse(req.body);
             const template = await subscriptionTaskTemplate_1.SubscriptionTaskTemplate.create({
                 subscriptionId: subscription.id,
@@ -153,5 +145,16 @@ function taskInstructionRouter() {
             res.status(500).json({ error: 'Failed to set default task template.' });
         }
     });
+    router.post('/templates/clear-default', authMiddleware_1.authMiddleware, async (req, res) => {
+        const { logger, subscription } = res.locals;
+        try {
+            await subscriptionTaskTemplate_1.SubscriptionTaskTemplate.update({ isDefault: false }, { where: { subscriptionId: subscription.id, isDefault: true } });
+            res.status(204).send();
+        }
+        catch (err) {
+            logger.error('Error clearing default task template.', { error: err });
+            res.status(500).json({ error: 'Failed to clear default task template.' });
+        }
+    });
     return router;
 }

package/package.json

@@ -4,7 +4,7 @@
     "access": "public",
     "registry": "https://registry.npmjs.org/"
   },
-  "version": "1.0.25",
+  "version": "1.0.26",
   "description": "CLI for onboarding users to Omnikey AI and configuring OPENAI_API_KEY. Use Yarn for install/build.",
   "engines": {
     "node": ">=14.0.0",