What we shipped. In public, in order, in detail.

Misread the original HILLA-467 brief. The gate was meant for the auth'd /projects/[id] (where editing is genuinely broken on mobile), NOT share links. Share recipients want to actually see the canv…

Replaces the static / deterministic content in the "Why this plan?" modal with a real AI call that returns structured rationale.

Two new public marketing pages in the (marketing) route group (cream-only by convention).

HILLA-467 Option A — the 1-day cheap-insurance branch.

User with dark mode saved sees marketing pages (/, /pricing, /docs, etc.) rendered dark.

Seven canvas polish / feature-gap fixes bundled together.

The 150-card test fixture was taking ~3.7s to LCP on M-series hardware — 6× over the <600 ms acceptance bar.

Closes the loop opened by PR #190 / PR #195.

Sonner toasts were rendering with default shadcn defaults — rounded corners, drop shadow, hardcoded theme="light" that never flipped in dark mode.

Six bugs surfaced during preview-deploy QA.

Cleanup pass on dark-mode regressions left over after PR #199.

Seeds a synthetic 150-card / 8-widget / 50-edge / 120-task project so React Flow rendering performance can be profiled with React DevTools, and ships a reproducible script + JSON + SQL fixture so t…

Three small canvas tool palette fixes:

Batch fix sweep across nine Linear issues — silent failures, missing validations, hardcoded values, and small UX gaps.

Tight surface-bug pass across canvas panels and onboarding.

Tight bug-fix pass over four modal/dialog files in src/components/workspace/.

Polish pass on the left canvas tool palette — fixes 9 small papercuts around dark-mode contrast, accessibility, and pencil-stroke quality.

🤖 Generated with Claude Code

Yesterday's wrapper fallback (#197) didn't fully kill the browser context menu — React Flow's preventDefault didn't always propagate to the wrapper, and some right-click targets landed outside the…

Right-clicking on certain canvas areas was triggering Chrome's native menu (Save As, Print, Inspect, ...) instead of Hilla's pane context menu.

Two bugs from yesterday.

PR #190 broke login. The app's Supabase client uses @supabase/supabase-js (localStorage session), but the middleware uses @supabase/ssr (cookie session). After successful login the middleware's get…

Two scope-tight marketing/UX polish wins, one per commit.

While dragging a card on the canvas, snap to the X coordinate of other cards in the same scope (column alignment) and the Y coordinate of cards in the same row band.

| Branch | When | Logged path |

Selecting more than one card on the canvas previously did nothing visible.

Pre-PLAY-449 the middleware was a no-op and protection relied entirely on client-side AuthContext.

Adds infrastructure so existing subscribers on deprecated pricing tiers don't lose entitlements when their next subscription event fires.

Removes the @ts-nocheck escape hatch from every remaining file in PLAY-447's list.

Audited every error path in useAI.ts. Findings (none silent):

src/services/vercelApi.ts was the legacy direct-from-browser Vercel client.

Pricing page hardcoded credit amounts and dollar prices in the PLANS array, while checkout / webhook code read them from PRODUCT_CREDIT_MAP.

Two EmptyState components existed:

Widget showed '—' / +0 / +0 even when status said CONNECTED.

The chat AI was reasoning against a stale snapshot of the board: any manual edits, MCP writes, or realtime collaborator changes made between AI turns were invisible.

PlanSettingsStrip is plan-intake UI, not chat UI.

Home was inheriting the root layout's generic metadata.

Two changes to make the share affordances less ambiguous:

PAYG overflow was wired up in the backend but never surfaced in the UI.

Follows the Supabase widget pattern from #176:

Adds an end-to-end working Supabase widget.

Settings → Billing now has a 'Usage breakdown' section between Credits & Plan and Usage History:

1. CLI's AI engine now matches the in-app stack — kimi-k2.5 swapped for kimi-k2.6 in ALLOWED_MODELS, and fetchOpenRouter injects the same provider:{only:['wandb/fp4'],allow_fallbacks:false} + reaso…

Trivial cleanup — unused err binding in orchestrator catch (parse-failure path no longer references it) and an unused eslint-disable directive in ThinkStripper.push().

The orchestrator runs sequentially for ~16s before the 6 parallel category agents fire.

Cap conversation history at the server: keep ALL system-role messages (summary breadcrumbs) + last 12 non-system messages.

BOARD_TOOLS schema was 27k chars (~6.8k tokens) shipped on every chat call.

Drops three pieces of the BOARD STATE block the chat AI sees:

The AI was happily naming its underlying model, provider, routing layer, and infra (\"I'm Kimi K2.6 via wandb/fp4 on OpenRouter\", \"check the model field in your ai-proxy logs\").

PR #166 introduced a truncation regression: every K2.6 message lost its last 1-6 chars mid-word.

K2.6 emits its chain-of-thought as inline \<think>...</think>\ blocks inside the regular content field, ignoring \reasoning:{enabled:false}\ (which only suppresses the structured reasoning field).

1. MODEL_PRIMARY → moonshotai/kimi-k2.6. Chat path moves from Sonnet 4.6 to K2.6 via wandb/fp4 (same pin/no-reasoning routing as plan-gen). Sonnet 4.5 stays as the status-code fallback (404/429/5xx…

Per-chat input was running 14-16k tokens because BASE_SYSTEM_PROMPT carried 5 verbose few-shot examples (~7k tokens), dominated by a 5k-token \generate_plan\ demo that the chat path never actually…

Chat, board edits, and MCP tool use stay on Sonnet 4.6.

🤖 Generated with Claude Code

K2.5 (and K2.6) on OpenRouter's throughput-sort keep landing on hung providers.

\[ai-proxy] Stream error: TimeoutError: Signal timed out.\ — fired exactly 60s after orchestrator_start.

K2.6 on OpenRouter ships with thinking enabled by default.

Two changes in one PR because they ship together: