Dev

[stormyy00]

Summary by CodeRabbit

• New Features

  • Redesigned bin view with multi-panel layout: document library, tabbed viewer (PDF/image/text), and integrated chat panel; upload and bin settings dialogs; document search and per-chat document context/viewer.

• Bug Fixes

  • Stricter document existence checks and enforced bin/chat ownership on chat routes to prevent unauthorized access.

• Chores

  • Updated AI model, extended session duration to 7 days, and updated local service URLs/healthcheck endpoints.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Review	Updated (UTC)
continote	Ready	Preview, Comment	Jan 9, 2026 8:52am
continote-hcvl	Ready	Preview, Comment	Jan 9, 2026 8:52am

[coderabbitai]

Walkthrough

Adds bin-ownership middleware for chat routes, migrates runtime endpoints from port 5000 to 8000, tightens repository return shapes with explicit column selections and ISO timestamps, removes public userId fields from API models, extends session duration, updates LLM model, and introduces document library/viewer UI and related store state.

Changes

Cohort / File(s)	Summary
Port Migration to 8000 Dockerfile, server/src/utils/storage.ts, server/src/utils/swagger/swagger-output.json, src/utils/auth-client.ts	Updated hardcoded localhost ports/endpoints from 5000 → 8000 (healthcheck, signed URL base, OpenAPI servers, auth-client fallback).
Bin Ownership Middleware server/src/middleware/bin-ownership.middleware.ts, server/src/middleware/index.ts, server/src/routes/chats.router.ts	Added requireBinOwnership middleware; re-exported it; applied it to all chat routes to verify session and bin/chat ownership before handlers run.
Chat Service Authorization Removal server/src/chat/chat.service.ts	Removed in-method existence/ownership checks from deleteChat, getMessagesByChatId, and sendMessage (relies on middleware now).
Repository Field Selection Refactor server/src/bins/bins.repository.ts, server/src/chat/chat.repository.ts, server/src/documents/documents.repository.ts	Replaced generic .select() with explicit projections; return objects explicitly mapped; timestamps normalized to ISO; deletedAt omitted from public returns except findDeleted.
Document Existence Tightening server/src/documents/documents.service.ts	Now treats missing document OR missing filePath as "Document not found" for get/download/permanent delete flows.
Model Privacy Changes server/src/types/models.ts	Removed/made internal userId fields non-public (Bin, Document, Chat, ChatMessage); made Document.filePath optional/internal-only.
Session & LLM Config server/src/utils/auth.ts, server/src/utils/llm.ts	Session expiry extended to 7 days (cookie maxAge updated, updateAge reduced to 1 day); LLM model updated to gemini-2.5-flash-lite.
Session Cookie Key Rename src/proxy.ts	Renamed session cookie key better-auth.session_data → better-auth.session_token.
Frontend: Document Library & Viewer src/components/bins/document-library.tsx, src/components/bins/viewer.tsx, src/components/bins/bin-detail.tsx	Added DocumentLibrary component and DocumentViewer (PDF/Image/Text renderers, tabs); BinDetail reworked to multi-panel layout, integrated library/viewer, upload/settings dialogs, collapseable right panel, and auto-load recent chat.
DocumentCard API Changes src/components/documents/document-card.tsx	onDelete optional; added mode, isSelected, onClick, showSimilarity props; sidebar mode and selection rendering.
Chat Store: Document Context & Viewer State src/stores/chat-store.ts	Added per-chat document context and viewer state (chatDocumentContext, openDocumentIds, activeDocumentId, documentFilterMode) with actions to sync and manage documents and viewer.
UI & Layout Adjustments src/components/live/navigation.tsx, src/components/sidebar/sidebar.tsx	Navigation button conditional on session (Dashboard vs Get Started); minor sidebar footer layout change when collapsed.
Auth Client BaseURL src/utils/auth-client.ts	Default auth client baseURL fallback updated to http://localhost:8000.
Package Overrides server/package.json	Added overrides to pin p-retry to 4.6.2.

Sequence Diagram

sequenceDiagram
    participant Client as Client
    participant MW as requireBinOwnership
    participant Session as Session/Auth
    participant ChatsRepo as Chats Repo
    participant BinsRepo as Bins Repo
    participant Handler as Chat Route Handler

    Client->>MW: Request (includes chatId or binId)
    MW->>Session: extract session / userId
    alt no session
        Session-->>MW: undefined
        MW-->>Client: 401 Unauthorized
    else session found
        Session-->>MW: userId
        alt binId provided
            MW->>BinsRepo: findByIdAndUserId(binId, userId)
            alt bin found & owned
                BinsRepo-->>MW: bin
                MW->>Handler: next()
                Handler-->>Client: route handler runs
            else not found / not owned
                BinsRepo-->>MW: null
                MW-->>Client: 404 Not Found
            end
        else chatId provided
            MW->>ChatsRepo: findChatById(chatId)
            alt chat found
                ChatsRepo-->>MW: chat (includes binId)
                MW->>BinsRepo: findByIdAndUserId(chat.binId, userId)
                alt bin found & owned
                    BinsRepo-->>MW: bin
                    MW->>Handler: next()
                    Handler-->>Client: route handler runs
                else not owned
                    BinsRepo-->>MW: null
                    MW-->>Client: 403 Forbidden
                end
            else chat not found
                ChatsRepo-->>MW: null
                MW-->>Client: 404 Not Found
            end
        end
    end

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Poem

🐰 I hopped from five-thousand to eight,
I guard each bin with careful gate,
Documents shine in viewer light,
Timestamps tidy, models bright,
Seven days of sessions—what a delight! 🎉

---

📜 Recent review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Free

📥 Commits

Reviewing files that changed from the base of the PR and between edecb1e and a62ae1c.

📒 Files selected for processing (1)

• server/package.json

---

Note

🎁 Summarized by CodeRabbit Free

Your organization is on the Free plan. CodeRabbit will generate a high-level summary and a walkthrough for each pull request. For a comprehensive line-by-line review, please upgrade your subscription to CodeRabbit Pro by visiting https://app.coderabbit.ai/login.

_{Comment @coderabbitai help to get the list of available commands and usage tips.}