openmates 0.12.0-alpha.9 → 0.12.0

package/dist/{chunk-5SWMZDHG.js → chunk-UGEZLQKN.js}

@@ -7305,8 +7305,6 @@ var DIRECT_TYPES = /* @__PURE__ */ new Set([
   "recording",
   "mail-email",
   "math-plot",
-  "mermaid",
-  "diagrams-mermaid",
   "events-event",
   "health-appointment",
   "shopping-product",
@@ -7334,8 +7332,6 @@ var DIRECT_TYPE_LABELS = {
   "recording": "recording",
   "mail-email": "email",
   "math-plot": "plot",
-  "mermaid": "Mermaid diagram",
-  "diagrams-mermaid": "Mermaid diagram",
   "events-event": "event",
   "health-appointment": "appointment",
   "shopping-product": "product",
@@ -8292,11 +8288,6 @@ function renderByDirectType(embed, c, ln) {
       ln("\x1B[2m[mathematical plot]\x1B[0m");
       break;
     }
-    case "mermaid":
-    case "diagrams-mermaid": {
-      renderMermaidPreview(c, ln);
-      break;
-    }
     case "images-image-result": {
       const title = str(c.title) ?? "";
       const source = str(c.source) ?? str(c.url) ?? "";
@@ -8462,11 +8453,6 @@ function renderDirectTypeFullscreen(embed, c) {
       }
       break;
     }
-    case "mermaid":
-    case "diagrams-mermaid": {
-      renderMermaidFullscreen(c);
-      break;
-    }
     default: {
       for (const [k, v] of Object.entries(c)) {
         if (v === null || v === void 0 || k.startsWith("_")) continue;
@@ -8485,38 +8471,6 @@ function renderDirectTypeFullscreen(embed, c) {
     }
   }
 }
-function renderMermaidPreview(c, ln) {
-  const title = str(c.title) ?? "Mermaid diagram";
-  const kind = str(c.diagram_kind) ?? "mermaid";
-  const source = str(c.diagram_code) ?? str(c.code) ?? str(c.source) ?? "";
-  ln(`\x1B[1m${title}\x1B[0m`);
-  ln(`\x1B[2mMermaid diagram \xB7 ${kind}\x1B[0m`);
-  if (source) {
-    for (const line of source.split("\n").slice(0, 4)) {
-      if (line.trim()) ln(`  ${trunc(line, 80)}`);
-    }
-    if (source.split("\n").length > 4) ln("  ...");
-  }
-}
-function renderMermaidFullscreen(c) {
-  const title = str(c.title) ?? "Mermaid diagram";
-  const kind = str(c.diagram_kind) ?? "mermaid";
-  const status = str(c.status);
-  const source = str(c.diagram_code) ?? str(c.code) ?? str(c.source) ?? "";
-  process.stdout.write(`\x1B[1m${title}\x1B[0m
-`);
-  process.stdout.write(`\x1B[2mMermaid diagram \xB7 ${kind}${status ? ` \xB7 ${status}` : ""}\x1B[0m
-
-`);
-  if (source) {
-    process.stdout.write("```mermaid\n");
-    process.stdout.write(`${source.trim()}
-`);
-    process.stdout.write("```\n");
-  } else {
-    process.stdout.write("No Mermaid source available.\n");
-  }
-}
 function resolveResultCount(c) {
   if (typeof c.result_count === "number") return c.result_count;
   const results = c.results;
@@ -23458,7 +23412,8 @@ var usbC3v3LdoPcbSchematicChat = {
   ],
   metadata: {
     featured: true,
-    order: 103
+    order: 103,
+    content_embed_examples: ["electronics.schematic"]
   }
 };
 
@@ -23494,7 +23449,7 @@ var berlinMorningBikeForecastChat = {
     {
       "embed_id": "324eba33-3622-409c-b401-183f95d6183e",
       "type": "app_skill_use",
-      "content": 'app_id: weather\nskill_id: forecast\nresult_count: 2\nembed_ids: c72c110f-9513-4ce8-a943-d66888c6bad0|4d855526-af41-47cf-a354-c769f3098c94\nstatus: finished\nembed_id: 324eba33-3622-409c-b401-183f95d6183e\ndays: 2\nlocation: Berlin\nquery: Berlin weather forecast\ndays_requested: 2\nprovider: Deutscher Wetterdienst (DWD) + Open-Meteo\npreview_results[2]{title,source_provider,source_station_name,source_dwd_station_id,source_wmo_station_id,source_observation_type,source_distance_m,source_lat,source_lon,source_height_m,source_first_record,source_last_record,date,provider}:\n  Berlin weather 2026-06-18,Deutscher Wetterdienst (DWD),BERLIN-ALEX.,"00399","10389",forecast,805.0,52.52,13.42,37.0,"2026-06-18T08:00:00+02:00","2026-06-28T12:00:00+02:00",2026-06-18,Deutscher Wetterdienst (DWD)\n  Berlin weather 2026-06-19,Deutscher Wetterdienst (DWD),BERLIN-ALEX.,"00399","10389",forecast,805.0,52.52,13.42,37.0,"2026-06-18T08:00:00+02:00","2026-06-28T12:00:00+02:00",2026-06-19,Deutscher Wetterdienst (DWD)',
+      "content": "app_id: weather\nskill_id: forecast\nresult_count: 2\nembed_ids: c72c110f-9513-4ce8-a943-d66888c6bad0|4d855526-af41-47cf-a354-c769f3098c94\nstatus: finished\nembed_id: 324eba33-3622-409c-b401-183f95d6183e\ndays: 2\nlocation: Berlin\nquery: Berlin weather forecast\ndays_requested: 2\nprovider: Deutscher Wetterdienst (DWD) + Open-Meteo\npreview_results[2]{title,date,location_name,provider,condition,icon,temperature_min_c,temperature_max_c,precipitation_total_mm,precipitation_probability_max_pct,rain_hours,wind_speed_max_kmh,cloud_cover_avg_pct,relative_humidity_avg_pct}:\n  Berlin weather 2026-06-18,2026-06-18,Berlin,Deutscher Wetterdienst (DWD),dry,partly-cloudy-day,20.1,28.3,0,7,0,15.8,79,69.2\n  Berlin weather 2026-06-19,2026-06-19,Berlin,Deutscher Wetterdienst (DWD),dry,partly-cloudy-day,18.4,32.0,0,4,0,11.1,58.7,null",
       "parent_embed_id": null,
       "embed_ids": [
         "c72c110f-9513-4ce8-a943-d66888c6bad0",
@@ -30049,6 +30004,15 @@ Only output the final Markdown table. Do NOT include explanations, notes, or any
     anonymous_terms_reminder: {
       text: "By sending a message you accept the terms & privacy policy of OpenMates."
     },
+    anonymous_terms_reminder_prefix: {
+      text: "By sending a message you accept the "
+    },
+    anonymous_terms_reminder_connector: {
+      text: " & "
+    },
+    anonymous_terms_reminder_suffix: {
+      text: " of OpenMates."
+    },
     send: {
       text: "Send"
     },
@@ -30586,6 +30550,38 @@ Only output the final Markdown table. Do NOT include explanations, notes, or any
         text: "What live music or performance events are happening in Berlin next week?"
       }
     },
+    email_verification_sequence_diagram: {
+      title: {
+        text: "Email Verification Sequence Diagram"
+      },
+      summary: {
+        text: "Create a clear sequence diagram for an email verification signup flow without manually selecting an app."
+      },
+      message_1: {
+        text: "Draw a clear sequence diagram for how a user signs up with email verification, including the browser, API, email service, and database."
+      },
+      message_2: {
+        text: 'This sequence diagram illustrates the standard "Double Opt-In" flow for user registration. This process ensures that the email address provided is valid and belongs to the user, which is a critical security step for protecting your community from spam and ensuring reliable communication.\n\n```json\n{"type": "mermaid", "embed_id": "ca024780-71b4-429b-8ffc-e3a5bdbe7eea"}\n```\n\n### Key Security Best Practices\n1.  **Password Hashing**: Never store passwords in plain text. Use [Argon2](wiki:Argon2) or [bcrypt](wiki:Bcrypt) with a strong work factor.\n2.  **Token Entropy**: The verification token should be a high-entropy cryptographically secure random string (e.g., [UUID v4](wiki:Universally_unique_identifier) or a 32-byte hex string).\n3.  **Token Expiration**: Set a short expiration (e.g., 24 hours). This minimizes the window of opportunity if an email account is compromised.\n4.  **Rate Limiting**: Implement [rate limiting](wiki:Rate_limiting) on the signup endpoint to prevent malicious actors from using your server to send "email bombs" or spamming your database.\n\n### Why this flow builds a better community\nBy requiring email verification, you ensure that every member of your platform is reachable and has provided a legitimate point of contact. This reduces the prevalence of [botnets](wiki:Botnet) and fake accounts, which helps maintain a high level of trust and [social capital](wiki:Social_capital) within your digital space.\n\n**What would you like to explore next?**\n- Would you like to see the code implementation for the token generation and hashing in a specific language like **Node.js** or **Python**?\n- Should we design the **"Forgot Password"** flow, which uses a very similar token-based logic?\n\nIf you\'d like to save these requirements to your project notes, you can [create a new tech preference entry](/#settings/apps/code/settings_memories/preferred_tech/create?prefill={"name":"Auth Flow","proficiency":"Email Verification"}).'
+      },
+      follow_up_1: {
+        text: "Show me the Node.js implementation for token generation and hashing"
+      },
+      follow_up_2: {
+        text: "Explain the importance of high-entropy tokens in security"
+      },
+      follow_up_3: {
+        text: "Generate a sequence diagram for the forgot password flow"
+      },
+      follow_up_4: {
+        text: "Describe how email verification reduces bot accounts"
+      },
+      follow_up_5: {
+        text: "Search for best practices for rate limiting in Node.js"
+      },
+      follow_up_6: {
+        text: "Compare Argon2 and bcrypt for password hashing"
+      }
+    },
     eu_chat_control_law: {
       title: {
         text: "EU Chat Control Law: Criticisms and Current Status"
@@ -33674,10 +33670,10 @@ As of mid-2026, the severe supply shocks from the 2024\u20132025 avian flu have
           text: "Account: Email address, username/display name, profile image, locale, and security settings (e.g., 2FA enabled). Email and username are encrypted with your key before storage. We also keep a separate server-side Vault-encrypted copy of your verified email address for mandatory account lifecycle notices, such as account verification, security alerts, and deletion reminders. Passwords are stored as salted hashes."
         },
         usage: {
-          text: "Usage: Server logs, event timestamps, feature usage, error logs, and device recognition identifiers (hashed). IP addresses may be temporarily processed for security and rate limiting."
+          text: "Usage: Server logs, event timestamps, feature usage, error logs, and device recognition identifiers (hashed). IP addresses may be temporarily processed for security, rate limiting, and anonymous free-usage budget checks. Anonymous free usage uses a first-party random local identifier and sends only a server-side HMAC-hashed form for per-identity abuse limits."
         },
         content: {
-          text: "Content: Chat messages, prompts, attachments, and uploaded images/videos necessary to deliver the service (subject to moderation where applicable)."
+          text: "Content: Chat messages, prompts, attachments, and uploaded images/videos necessary to deliver the service (subject to moderation where applicable). Anonymous free-usage chats stay local-only and encrypted with per-chat keys before signup; they are uploaded only if you sign up and promote them into account sync."
         },
         payments: {
           text: "Payments: Payment method tokens, transaction IDs, billing address and VAT information as required for invoicing (processed primarily by Stripe). We do not store full card numbers."
@@ -34215,7 +34211,7 @@ As of mid-2026, the severe supply shocks from the 2024\u20132025 avian flu have
           text: "Credits and Payments"
         },
         description: {
-          text: "OpenMates uses a credit-based payment system. You purchase credit packs which are consumed when using AI services. Credits do not expire and remain in your account until used. Payment processing is handled by Stripe - see our Privacy Policy for details about payment data handling."
+          text: "OpenMates uses a credit-based payment system. You purchase credit packs which are consumed when using AI services. Credits do not expire and remain in your account until used. Official-cloud anonymous free usage, when available, is a limited fair-use trial with shared daily/weekly caps and per-identity abuse limits; it is not an account credit balance and may be unavailable when the budget is exhausted. Payment processing is handled by Stripe - see our Privacy Policy for details about payment data handling."
         },
         refund: {
           text: "Refund Policy: You may request a refund for unused credits within 14 days after purchase. Your right of withdrawal expires once credits are used. See our signup process for the full refund consent details."
@@ -34753,7 +34749,7 @@ As of mid-2026, the severe supply shocks from the 2024\u20132025 avian flu have
     },
     software_development: {
       systemprompt: {
-        text: 'You are Sophia, an expert AI software development assistant.\nYour primary function is to help users with all aspects of software engineering, including writing, debugging, and understanding code, designing software architecture, and applying development best practices.\nProvide clear, concise, and accurate information.\nOffer best practices and optimization tips when relevant.\nIf a user\'s request is ambiguous, ask for clarification.\nIMPORTANT - Documentation Search First: When answering questions about APIs, SDKs, programming languages, frameworks, libraries, or any technology that evolves rapidly, ALWAYS search for the latest documentation first before providing answers. Your training data may be outdated, and APIs/syntax can change significantly between versions. This is especially critical for:\n- New or recently updated frameworks and libraries\n- Cloud service APIs (AWS, GCP, Azure, etc.)\n- Package managers and dependency management\n- Language features in newer versions (Python 3.12+, Node.js 20+, etc.)\n- Build tools and configuration formats\n- CLI tools and their flags/options\nIf you cannot search for documentation, clearly inform the user that your information may be outdated and recommend they verify against the official documentation.\nFollow security best practices. As an AI assistant, you strongly advice against taking control over a production server (for security reasons). Controlling dev or test servers is acceptable, but always ensure the user understands the risks involved.\nWhen providing code examples, ensure they are well-commented and easy to understand and add ADR sections with alternatives considered.\nWhen generating code, by default you always generate a unittest for that code first, before generating the code.\nWhen you know of an existing library, framework or function within a framework that is better suited for a task then what the user wants, suggest the better option to the user and explain the benefits of the better option.\nIf it seems like the user wants to implement a security vulnerability or something very inefficient, inform the user and ask for more context to clearify if the user really understands the implications and wants to continue.\nWhen generating code blocks, include the filepath in the opening fence using the format ```{language}:{filepath}. For example:\n```python:test.py\nprint("Hello, world!")\n```'
+        text: 'You are Sophia, an expert AI software development assistant.\nYour primary function is to help users with all aspects of software engineering, including writing, debugging, and understanding code, designing software architecture, and applying development best practices.\nProvide clear, concise, and accurate information.\nOffer best practices and optimization tips when relevant.\nIf a user\'s request is ambiguous, ask for clarification.\nIMPORTANT - Documentation Search First: When answering questions about APIs, SDKs, programming languages, frameworks, libraries, or any technology that evolves rapidly, ALWAYS search for the latest documentation first before providing answers. Your training data may be outdated, and APIs/syntax can change significantly between versions. This is especially critical for:\n- New or recently updated frameworks and libraries\n- Cloud service APIs (AWS, GCP, Azure, etc.)\n- Package managers and dependency management\n- Language features in newer versions (Python 3.12+, Node.js 20+, etc.)\n- Build tools and configuration formats\n- CLI tools and their flags/options\nIf you cannot search for documentation, clearly inform the user that your information may be outdated and recommend they verify against the official documentation.\nFollow security best practices. As an AI assistant, you strongly advice against taking control over a production server (for security reasons). Controlling dev or test servers is acceptable, but always ensure the user understands the risks involved.\nWhen providing code examples, ensure they are well-commented and easy to understand and add ADR sections with alternatives considered.\nWhen generating code, by default you always generate a unittest for that code first, before generating the code.\nWhen you know of an existing library, framework or function within a framework that is better suited for a task then what the user wants, suggest the better option to the user and explain the benefits of the better option.\nIf it seems like the user wants to implement a security vulnerability or something very inefficient, inform the user and ask for more context to clearify if the user really understands the implications and wants to continue.\nWhen generating code blocks, include the filepath in the opening fence using the format ```{language}:{filepath}. For example:\n```python:test.py\nprint("Hello, world!")\n```\nWhen a user asks for a software architecture diagram, sequence, flow, state machine, dependency map, or process sketch, prefer readable ASCII/text diagrams in a plain text code block. Do not use Mermaid or `mermaid`/`mmd` fences unless the user explicitly asks for Mermaid syntax.'
       },
       process: {
         text: "- helps with writing, debugging, and reviewing code across all programming languages\n- designs software architecture and applies development best practices\n- always searches for the latest documentation before answering API or framework questions\n- generates unit tests before writing implementation code\n- suggests better libraries, frameworks, or patterns when they exist\n- adds ADR (Architecture Decision Record) sections to code examples with alternatives considered\n- flags security vulnerabilities and inefficient approaches before implementing them\n- includes file paths in code blocks for easy integration"
@@ -38949,6 +38945,9 @@ As of mid-2026, the severe supply shocks from the 2024\u20132025 avian flu have
         weekly_remaining: {
           text: "Weekly remaining"
         },
+        monthly_remaining: {
+          text: "Monthly remaining"
+        },
         reset_at: {
           text: "Daily reset"
         },
@@ -38981,6 +38980,9 @@ As of mid-2026, the severe supply shocks from the 2024\u20132025 avian flu have
         },
         validation_percent: {
           text: "Percent values must be between 0 and 100."
+        },
+        validation_per_identity_cap: {
+          text: "Per-identity daily cap must be at least 1 credit when the monthly budget is above 0."
         }
       },
       tests: {

package/dist/cli.js

@@ -2,7 +2,7 @@
 import {
   getExtForLang,
   serializeToYaml
-} from "./chunk-5SWMZDHG.js";
+} from "./chunk-UGEZLQKN.js";
 import "./chunk-AXNRPVLE.js";
 export {
   getExtForLang,

package/dist/index.js

@@ -9,7 +9,7 @@ import {
   deriveAppUrl,
   getExtForLang,
   serializeToYaml
-} from "./chunk-5SWMZDHG.js";
+} from "./chunk-UGEZLQKN.js";
 import "./chunk-AXNRPVLE.js";
 export {
   ASSISTANT_FEEDBACK_REPORT_TITLE,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "openmates",
-  "version": "0.12.0-alpha.9",
+  "version": "0.12.0",
   "description": "OpenMates CLI and SDK",
   "type": "module",
   "main": "dist/index.js",