Generate an OpenAPI spec and Swagger UI from den-api's existing Hono and zod validators so the API stays self-describing. Add route metadata, typed responses, and hide API key creation endpoints from production docs.
Co-authored-by: src-opn <src-opn@users.noreply.github.com>
* feat(den): add org API key auth and management
Let org owners and admins manage named API keys while keeping keys scoped to the issuing member and org. Reuse existing org middleware so API-key-backed requests behave like normal user actions across Den routes.
* fix(den): polish API key creation flow
Avoid duplicating the visible key prefix in the table preview and make key creation an explicit one-time reveal flow. Show the create form only after the user asks for a new key, then replace it with the copyable secret after issuance.
* fix(den): simplify API key table UI
Remove rate-limit details from the Den web API keys screen and keep the page focused on naming, reveal, and deletion. Leave the generated next-env types file out of the commit.
---------
Co-authored-by: src-opn <src-opn@users.noreply.github.com>
* feat(den): add org-managed llm provider library
Let Den admins curate shared providers and models with encrypted credentials, then let the app connect through the existing add-provider flow. This keeps org-wide model access consistent without requiring per-user OAuth setup.
* docs(den): prefer longer db encryption keys
* fix(den): pass db encryption key through local dev
---------
Co-authored-by: src-opn <src-opn@users.noreply.github.com>
* docs(landing): add privacy policy and terms of use pages
- Add comprehensive privacy policy covering Desktop App (no tracking),
Cloud Service (operational telemetry only), and Website (PostHog analytics)
- Add terms of use with AI output disclaimer, export controls, beta features,
feedback, publicity rights, and JAMS arbitration
- Create reusable LegalPage component and shared parser for .txt legal docs
- Add Privacy and Terms links to site footer
- Both pages render with consistent styling, bold definition terms,
subheadings for tracking technology categories, and clickable email links
* chore: add .turbo to .gitignore
* fix(landing): improve legal page parser for terms readability
- Detect definition blocks ("Term" means ...) and render as bulleted
list with bold terms
- Bold ALL CAPS text (warranty disclaimers, arbitration notices, etc.)
- Make URLs clickable links alongside emails
- Distinguish h2 headings (questions, longer titles) from h3 subheadings
(short section names like "Our IP", "Billing", "Usage Data")
* fix(landing): improve subscription termination wording and URL parsing
- Clarify recurring billing cancellation: users can cancel via account
settings first, contact email as fallback at our discretion
- Fix URL regex to avoid capturing trailing periods/punctuation
* fix(landing): clarify subscription cancellation — email always accepted, late refunds at our discretion
* docs(landing): convert privacy policy and terms of use to markdown
- Add proper heading hierarchy (# h1, ## h2, ### h3)
- Bold definition terms, ALL CAPS legal clauses, and sub-processor names
- Convert restriction items into bullet points
- Make all URLs and emails clickable markdown links
- Use blockquote for the API key disclaimer note
- Structure tracking technologies as proper subheadings
* refactor(landing): use markdown for legal pages, no new dependencies
- Rename .txt to .md with proper markdown formatting
- Replace txt parser with lean render-markdown.tsx (zero deps, ~120 lines)
- LegalPage handles full page shell — page.tsx files are now 8 lines each
- Add legal-prose CSS for consistent typography
- Delete parse-legal-doc.tsx
* fix(docs): restore migrated share skill links
Republish the example skill bundles on share.openworklabs.com so the docs point at live imports again, and align share bundle examples with the current publisher host.
* fix(server): use canonical shared bundle data urls
Rebuild trusted share fetch URLs to the share service's canonical /b/:id/data endpoint and cover the path with the live provider-config-helper bundle URL.
Updated dependencies to fix Next.js and React CVE vulnerabilities.
The fix-react2shell-next tool automatically updated the following packages to their secure versions:
- next
- react-server-dom-webpack
- react-server-dom-parcel
- react-server-dom-turbopack
All package.json files have been scanned and vulnerable versions have been patched to the correct fixed versions based on the official React advisory.
Co-authored-by: Vercel <vercel[bot]@users.noreply.github.com>
* fix(den): parse skill frontmatter when saving skills
Keep the full SKILL.md payload in the database, derive title and description from frontmatter, and require a frontmatter name in the API. Also include shared packages in the Den web Docker image so the upload flow can be verified end to end.
* fix(den-web): transpile shared utils package
Include @openwork-ee/utils in Next's transpilePackages list so the client skill editor resolves the shared frontmatter helpers during production builds.
* fix(den-web): keep skill parsing local to the app
Move the client-side skill markdown parser into the Den web app so production builds do not depend on resolving a workspace package boundary from a client component.
* refactor(den): share skill frontmatter parsing via utils
Make Den web and Den API both depend on @openwork-ee/utils for skill frontmatter parsing, refresh the workspace lockfile, and keep the Den web build wiring explicit for CI and Docker.
* fix(den-web): build Den from the monorepo root on Vercel
Keep the shared utils package setup, but make Vercel install and build from the repo root so workspace dependencies like @openwork-ee/utils are always available when Den web deploys from its app subdirectory.
* docs(den-web): keep Vercel workspace settings in the dashboard
Remove the app-level Vercel command override from the repo and document the monorepo install/build settings for the dashboard instead.
---------
Co-authored-by: src-opn <src-opn@users.noreply.github.com>
* feat(ui): add shared seeded paper gradients
Centralize the Paper mesh and grain wrappers so React and Solid apps can reuse the same deterministic seed-based visuals without repeating shader config. Add a standalone demo surface and update existing consumers so the shared package is easier to validate and evolve.
* fix(ui): resolve shared package from source
Point the shared UI package exports at source files so Next builds do not depend on a prebuilt dist directory. Add Next transpilation for @openwork/ui in Landing and Den Web so monorepo and Vercel builds resolve the package consistently.
---------
Co-authored-by: src-opn <src-opn@users.noreply.github.com>
Break the Den DB schema into domain entrypoints and switch EE package builds to tsup so workspace development can resolve TypeScript sources directly without typeid proxy shims.
Co-authored-by: src-opn <src-opn@users.noreply.github.com>
