Changelog

Custom Domain Reliability Fixes

• Domain transfer to another PorkiCoder user actually works now — The transfer feature was silently broken since launch: supabase-js's listUsers wrapper drops the filter parameter on the floor (only forwards page + per_page to GoTrue), so the recipient lookup was returning the same wrong user every time and failing the exact-match check for everyone except whichever account happened to be at the top of the database. Replaced with a paginated lookup that exact-matches in JS. Transfer now also requires the recipient to have published a site first and the sender to enter that subdomain in the dialog, so the recipient inherits a domain pointing at content they actually control — instead of one still pointing at the sender's site (which the sender could keep editing, and which would tear down the recipient's domain if the sender ever deleted that site).
• Custom domain teardown no longer leaks AWS infrastructure on site delete — Deleting a published site that had a linked custom domain disabled the CloudFront distribution but never actually deleted it, leaving the disabled distribution and its SSL certificate orphaned. The site-delete handler now hands the row off to the same DB-backed reaper the standalone domain delete already used.
• Domain purchase no longer takes payment without provisioning — The Stripe checkout session is now created after the database row is claimed. If the row claim fails (transient DB error, or a unique-constraint race against another user buying the same domain), the user gets a clean 409 instead of a Stripe charge with no tracking row. Stripe failures after the claim roll back the row so the domain becomes purchasable again.
• "Change site" no longer reports false failures on cache-invalidation hiccups — When CloudFront's cache invalidation API hit a transient error during a change-site operation, the whole operation was reported as failed even though the origin update had already succeeded. The invalidation is now best-effort with a warning log; the origin change is consistent and edge caches refresh naturally as their TTL expires.
• Cleaner SIGTERM/SIGINT handling — Container shutdown no longer crashes with a stale cfCleanupTimer ReferenceError. Replaced with a single gracefulShutdown handler that drains in-flight HTTP requests and force-exits after 8 seconds if server.close() hangs.

New Features

• Autopilot Mode for Agent Edits — New header toggle that lets Agent Mode auto-apply file writes and edits without showing the diff preview modal. Per-edit progress still surfaces in the activity toast (with a ⚡ icon to distinguish autopilot writes from reviewed ones), so you stay informed without being interrupted. State persists across restarts. Works for both Claude Agent SDK and Gemini Agent.
• Gemini Agent: AskUserQuestion tool — Gemini agent can now pause mid-task to ask a clarifying question via a modal, instead of guessing on long autonomous runs. Mirrors the Claude Agent SDK's AskUserQuestion behavior.
• Gemini Agent: environment context injection — Each run now injects cwd, platform, shell, OS version, git branch + status, model identity, knowledge cutoff, and today's date into the system prompt. Prevents wrong-OS suggestions and stops the agent from stepping on uncommitted work.
• Gemini Agent: longer autonomous runs — Raised MAX_AGENT_TURNS from 25 → 200 and MAX_SUB_AGENT_TURNS from 10 → 50, matching Claude Code's effectively-unlimited default. Fixes premature "agent quit after 25 turns" cutoffs on legitimate multi-step work.
• Background SSL provisioning for custom domains — The domain purchase modal no longer blocks for the 5–60 minute SSL/CDN steps. After payment + the registrar/DNS handshake, it flips to a "submitted" state with a TLD-aware ETA and hands the domain off to a background watcher. Live status flows through Settings → Custom Domains, with toasts on completion and a boot-time catch-up that surfaces transitions that happened while the app was closed.

Fixes & Improvements

• Friendlier "awaiting payment" UI — The domain purchase modal no longer shows a raw payment_pending code chip while waiting for Stripe confirmation. Replaced with a soft blue info pill containing a spinner and a human label ("Waiting for payment", "Registering domain", etc) that updates as the backend status advances.
• Faster stuck-row recovery — The Retry button on Settings → Custom Domains now appears after only 3 minutes of in-progress staleness (down from 60 minutes), and explicitly says it's safe to click. The visual "failed" treatment is unchanged at 60 minutes — Retry is now a softer manual nudge for Stripe webhook hiccups.
• Clearer payment-wait copy — The awaiting-payment screen now correctly explains that we're waiting on the backend to confirm Stripe (not on the user to pay), and always exposes a "Continue in background" escape hatch.
• Subscription status auth fix — Fixed a pre-existing 401 on the subscription-status fetch by adding the Bearer token header — backend now requires auth on that endpoint.

Fixes

• Fixed "Request validation failed" error — All LLM and Agent Mode requests were failing because the Electron client was not sending the Supabase auth token to the server's validation endpoint. Both validateRequest and getSubscriptionStatus API calls now include the Authorization: Bearer header.
• Better error messages for validation failures — Validation errors now surface the actual failure reason (timeout, auth issue, network error) instead of a generic "Request validation failed" message.

New Features

• Retry domain provisioning — If domain setup gets stuck after payment, you can now retry provisioning directly from the app. Added IPC plumbing between the Electron client and backend for manual retry triggers.

Security

• Production error messages sanitized — API error responses no longer leak internal details (DB column names, AWS errors, Porkbun internals) in production.
• Security headers on user-content subdomain — Added HSTS, Content-Security-Policy with frame-ancestors 'none', and changed X-Frame-Options to DENY on the wildcard subdomain block, preventing cross-subdomain iframe attacks.
• Auth client privilege reduction — Auth verification client now uses the anon key instead of the service role key.

Fixes & Improvements

• Orphaned CloudFront distributions tracked and retried — Background distribution deletions are now tracked in-memory with a periodic retry scanner every 15 minutes. Timeout increased from 10 to 15 minutes.
• Domain renewal scanner runs more frequently — Increased from once per day to every 6 hours, with escalating urgency levels (critical/urgent/warning) based on days until expiry.
• Stripe webhook uses shared orchestrator — Domain provisioning triggered by Stripe webhooks now uses the singleton DomainOrchestrator, fixing missing SSE progress events and a broken concurrency guard.
• Partial upload rollback — When a deploy fails due to too many upload errors, successfully-uploaded files are now rolled back instead of left orphaned in S3.
• Partial upload threshold fixed — Exactly 10% file failure now correctly triggers the failure path (was off-by-one).
• Domain info status field fixed — Removed a nonsensical TLD fallback that could return "com" as a domain status.
• changeSite ownership check — The orchestrator now verifies subdomain ownership defensively, not just the route handler.
• deploy_log cleanup activated — The pg_cron schedule for hourly cleanup of old deploy log entries is now active.

Security

• Shell injection fix in Grep tool — Switched from shell execution to direct process spawn, eliminating a potential shell injection vector in Agent Mode's Grep tool.

Gemini Agent Mode Improvements

• 3-layer tool result size management — New graduated truncation system prevents context window overflow during long Gemini agent sessions. Results are progressively compressed across three layers before hitting the model's limits.
• Claude Code-like features — Gemini agent orchestrator gains WebFetch tool support, sub-agent spawning, and improved concurrent tool execution, bringing it closer to parity with Claude Agent Mode.

Fixes & Improvements

• Fixed false "Agent could not run" error — Resolved a startup error that incorrectly reported Gemini agent sessions as failed.
• Broader overflow detection — Layer 3 overflow detection now catches Gemini HTTP 400 errors in addition to existing overflow signals.
• Fixed response accumulation bug — Intermediate model text no longer leaks into the final response during agent loops.
• Race condition fix — User messages are now removed by ID instead of pop(), preventing a race condition when messages arrive mid-removal.
• Thought structure preserved during compaction — Aggressive context compaction no longer corrupts thought block structure.
• Sub-agent truncation — Tool result truncation layers now correctly apply inside sub-agent loops.
• Streaming suppressed during compaction retry — Prevents partial/duplicate content from reaching the UI during context compaction retries.
• capAggregateResultSize fixed — The function now actually shrinks oversized results to the target size instead of silently passing them through.
• WebFetch hardened — Body streaming now enforces size limits and a full-lifecycle timeout, preventing runaway fetches.
• Gemini agent error metadata — All error and abort return paths now include proper agentMeta, fixing missing progress indicators on failures.

Fixes & Improvements

• Custom domain shown after publish — Users with a custom domain linked to their site now see the custom domain URL (e.g. shamikashabnam.com) on the publish success screen instead of the .porkicoder.com subdomain.
• "Get Custom Domain" button hidden when not needed — The button no longer appears after every publish if the user already has an active custom domain for that site.

New Features

• Custom Domain Management in Settings — View all your custom domains with status badges (active, provisioning, renewal due), linked subdomains, and expiry dates directly in Settings.
• Change Site — Re-point any active custom domain to a different published site via a dropdown, right from Settings.
• Internal Domain Transfer — Transfer domain ownership to another PorkiCoder user by email. Two-step inline confirmation with real-time status. No premium requirement for the recipient.
• External Transfer Support — Dedicated "Transfer Out" action with direct support contact for transferring domains to external registrars.

Fixes & Improvements

• Fixed Change Site dropdown not working after domain transfer — recipient can now re-link the domain to their own site.
• Fixed CloudFront 504 errors on pre-migration distributions by ensuring http-only protocol for S3 origins.
• Domain card layout now stacks vertically, preventing text wrapping issues with long subdomain names.
• Published site storage migrated from Supabase Storage to S3 on the backend — eliminates Content-Type and CSP header workarounds.

Fixes

• Missing dependency fix — Added missing glob package that caused a crash on launch ("Cannot find module 'glob'") in the Gemini Agent orchestrator.

New Features

• Gemini Agent Mode — Gemini models now have a full Claude Code-style agent loop built from scratch. Concurrent tool execution, WebFetch tool support, and Google Search grounding let Gemini autonomously read, search, run commands, and browse the web inside your project — just like Claude Agent Mode.
• Publish-to-Web — Premium users can now publish any project as a live site at <name>.porkicoder.com. One-click deploy directly from the IDE with automatic subdomain provisioning.

Fixes & Improvements

• Removed terminal session grid view overlay for a cleaner terminal experience.
• Cleaned up unused dependencies for a smaller install footprint.

Fixes & Improvements

• Zero-Loss Terminal Detach & Reattach — PTY output is now buffered in the main process during detach/reattach transitions and replayed once the receiving window is ready. No terminal content is lost during window transfers, even with rapid detach→reattach cycles.
• Stale Mouse Mode Reset on Process Exit — When a process that enabled mouse tracking (vim, htop, less) exits or is killed, terminal modes are now explicitly reset. Previously, clicking in a terminal with stale mouse tracking could trigger an accidental restart that wiped the scrollback buffer.
• Buffer serialization timeout increased from 3s to 10s, preventing content loss when reattaching terminals with large scrollback.
• Exit events during transitions are now captured and delivered alongside buffered data, so terminals that die mid-transfer show "press any key to restart" instead of appearing stuck.
• Fall back to original main-window buffer when the detached window closes before initializing its controllers.
• removeTerminal() now properly awaits destroy() for clean PTY shutdown before DOM removal.

New Features

• Drag & Drop Files / Images into Terminal — Drop any file or image directly onto the terminal and its shell-escaped path is typed at the cursor. Pairs naturally with Claude Code running in the terminal — drag a screenshot or design file and it lands ready to reference.

New Features

• Multi-Session Terminal Management — Run up to 6 concurrent Claude Code sessions in dedicated terminal tabs. Each tab gets activity indicators (pulsing green dot for live output, amber when idle), an auto-assigned cyberpunk color palette, and persistent tab names (double-click to rename). Navigate with Cmd+1-9 or cycle with Cmd+Shift+[ / Cmd+Shift+]. Quick-launch a Claude Code session with Cmd+Shift+C. A session grid view overlay shows all terminals at a glance.
• Multi-Panel Split View — Toggle a CSS grid layout that shows all open terminals simultaneously in up to 3 columns. The active terminal is highlighted with its tab color. Click any panel to focus it. Works in both the main window and detached terminal windows.
• Terminal-to-AI-Chat Bridge — A "Send to Chat" button captures the active terminal's recent output (or current selection) and pre-fills it as a code block in the chat input. Type @terminal in the chat for autocomplete that injects the terminal buffer as inline context to the LLM. Powered by a 200-line ANSI-stripped rolling buffer.

Fixes & Improvements

• Kill orphaned PTY processes on app quit to prevent zombie processes.
• Reentry guard for toggleDetach() preventing concurrent detach/reattach operations.
• Fix attachToExisting() concurrent init race and missing error handling.
• Await async destroy before window.close() in detached terminal for clean shutdown.
• Close grid modal before detach to prevent listener leaks and stale DOM.
• Wire onInactiveOutput in detached window so tab activity dots show correctly.
• Validate DOM before toggling multi-panel state, preventing null reference errors.
• Set _cwd in attachToExisting() for correct restart directory.
• Cap _lineResidue at 10KB to prevent memory growth from oversized lines.
• Improved error handling in addClaudeSession() with graceful fallback.
• Keyboard shortcuts now use event.code for consistent behavior across keyboard layouts.
• Balanced multi-panel grid layout (2×2 for 4 terminals instead of 4×1).
• Track restart-on-keypress disposable for proper cleanup.
• Guard auto-scroll setTimeout against early destroy.
• Prevent visibility/resize listener accumulation on repeated panel toggles.
• Fix keyboard shortcuts using event.code for bracket keys across layouts.

New Features

• Multi-Screen Preview Navigation — Preview mode now discovers all HTML files in your project. Use ← → arrow keys (or the nav buttons in the preview header) to navigate between screens. The header shows the current filename and position (e.g. admin.html 2/3).
• Preview Any HTML File — Live preview no longer requires an index.html. Any .html file in your project is directly accessible; if no index.html exists, the first HTML file found is served automatically.
• Svelte & Vue Frontend Detection — Projects with .svelte or .vue entry files are surfaced in the preview navigator. Selecting one shows a clear build-step guide (npm install && npm run dev) instead of a blank page.

New Features

• Project Instructions (porki.md) — Drop a porki.md file in your project root and PorkiCoder's agent will load it as persistent project-level instructions, giving the AI full context on your codebase conventions, architecture, and preferences.
• Copy Button on Chat Messages — Every AI response now has a one-click copy icon so you can grab code or text without selecting.
• Element Attachments in Chat — You can now attach elements (images, files) directly into the chat for richer context when prompting the AI.
• Preview Error Auto-Send — When your live preview hits an error, PorkiCoder automatically sends it to the AI so it can diagnose and fix it without you copy-pasting stack traces.
• Agent Cancel Button — The stop button now properly cancels agent mode with a clean abort mechanism and double-send guard.
• Auto-Open Agent Projects — When the agent creates a new project, the sidebar automatically opens it as soon as the first file is written — no more manual navigation.
• Terminal Transcript Preview — Full transcript preview is now available in the terminal script picker.

Linux ARM64 Support

• Full Linux ARM64 build pipeline with auto-launched Docker cross-compilation from macOS.
• Fixed node-pty binary corruption when building Linux Docker images on macOS.
• Updated native modules and build scripts for ARM64 compatibility.

Fixes & Improvements

• Agent SDK no longer crashes when settingSources is empty — prevented an exit code 1 failure.
• Agent now retries with a fresh session when the SDK session goes stale, and no longer fails silently when Claude Code is unauthenticated.
• Sidebar no longer opens the parent folder instead of new projects — replaced 60 lines of heuristics with actual file paths.
• Cancel button no longer nukes the sidebar; Bash file writes are now tracked for auto-open.
• Executables and compiled binaries are now hidden from the sidebar file tree.
• Live preview no longer refreshes itself into oblivion when the terminal panel is open.
• Fixed packaged app not finding npm, which caused live preview to fail on full-stack projects.
• Upgraded electron-builder to v26 to fix node-gyp failures with Python 3.14.
• Fixed escaped HTML in stderr output, backtick injection, and sidebar race conditions.
• Removed 660 lines of terminal transcript context pollution for cleaner agent interactions.
• Closed isGenerating race window and ensured all AI messages have IDs.

New Features

• Live Preview — See your project running directly inside PorkiCoder without leaving the editor. Click the preview button to launch on a local port and start working visually.
• Smart Project Detection — PorkiCoder automatically detects your project type and picks the best preview strategy: Vite projects get native HMR, framework projects (Next.js, Nuxt, CRA) run npm run dev with auto port detection, and static sites get a built-in HTTP server with WebSocket live reload.
• Auto-reload — File changes trigger instant browser refresh, debounced to handle rapid multi-file saves from the AI agent.
• Framework-aware — Detects package managers (npm, yarn, pnpm, bun) and respects each framework's conventions.
• Graceful fallback — If Vite or a dev command fails, PorkiCoder falls back to static serving automatically.
• Zero config — No setup required. Open a project, hit preview, and it works.

New Features

• Claude Agent SDK Integration — Agent Mode now runs on the official @anthropic-ai/claude-agent-sdk, enabling autonomous multi-step tool use directly inside PorkiCoder.
• Human-in-the-loop Diff Review — Agent file writes now route through a blocking diff review bridge. Every edit is shown in a Monaco Diff Editor modal for you to accept or reject before it touches your codebase.
• Full Tool Suite in Agent Mode — Agent can now use Read, Glob, Grep, Bash, WebSearch, WebFetch, and sub-Agent tools autonomously to understand and modify your project.
• Resumable Agent Sessions — Agent conversations are now persisted per thread, so you can pick up complex multi-step tasks exactly where you left off.
• Adaptive Thinking with Streaming — Extended thinking is enabled in Agent Mode with thinking deltas streamed live to the UI, so you can follow the agent's reasoning in real time.
• Agent Progress Cards — New toast-style progress cards show planning, turn-start, tool-start, thinking, and generation-complete events as the agent works.
• Added Kimi model support — Kimi (Moonshot AI) joins Claude, GPT, Gemini, and Grok as a supported provider.

Fixes & Improvements

• Agent Mode now serializes diff reviews — only one review shown at a time with a 5-minute timeout to prevent stalls.
• Improved chat history management with a 40-message sliding window for better context handling.
• EventManager cleanup on app exit to prevent memory leaks from stale listeners.

New Features

• Thinking tokens are now stripped from model responses, reducing cost and improving output accuracy.
• Web search is now available on all models — including OpenAI, Gemini, and Anthropic. No longer limited to specific models.
• Effort controls for all models — Low, Medium, High, and Max settings are now available across every model. Current effort level is shown as green bars in chatview, and can be adjusted with ⌘ + ↑ / ⌘ + ↓.

New Features

• Introducing Agent Mode — capable of running shell commands directly in chatview.
• Max, High, Medium, Low Effort controls added for Claude Opus 4.6 and Sonnet 4.6.
• Better guardrails for less error prone code application.
• Added Codex 5.3 Medium and Codex 5.3 High models.

Fixes & Improvements

• Overall UI improvements for Chatview and Autocomplete file tagging mechanism.

New Features

• New file creation can now happen from chatview.

Fixes & Improvements

• Code block generation made more robust in chatview making allowances for LLM generated errors.

New Features

• Added git status indicator for files in the side panel.
• Added auto-apply option for multi-file code application in one-go.
• Code blocks now show as collapsible/expandable blocks for easier scrolling and navigation.
• Diff preview has been fully refurbished — now displays line-by-line stats for lines added and removed, alongside a completely redesigned, more polished interface.

New Models

• Added Claude Opus 4.6 and Claude Opus 4.6 Max — Anthropic's most capable models yet.
• Added Claude Sonnet 4.6 for fast, balanced code generation.
• Added Gemini 3.1 Pro and Gemini 3.1 Flash from Google DeepMind.

Fixes & Improvements

• Polished overall UI with a range of visual consistency improvements.
• Resolved terminal bugs causing unexpected output and instability.
• Fixed sidebar panel issues including incorrect file tree states and refresh glitches.

Fixes & Improvements

• Fixed terminal glitches for a smoother command-line experience.
• Resolved app slowdown when opening projects containing Python virtual environments.

New Features

• Added "Open in Finder" option to sidebar context menu for quick file access.

Fixes & Improvements

• Improved UI behavior on shrinking screens for better responsive layout.
• Resolved issues with selection of multiple files with the same name.
• Fixed filepath extraction for new files.
• Fixed issues with new file creation via chatview.
• Other minor quality of life improvements relating to UI resizing.

New Features

• Added Gemini 3 Pro and Opus 4.5 models.
• Added Zen Mode for full screen code viewing.

Fixes & Improvements

• Squashed bugs with terminal and sidebar panel.
• Improved coding for Normie Mode patches.
• Fixed HTML rendering in chatview.
• Can now view .ejs files in sidebar search.

New Features

• Added GPT-5 High and GPT-5 Medium to the list of available models, expanding your options for code generation and analysis.

Fixes & Improvements

• Real-time Sidebar Sync: Resolved an issue where the sidebar file tree did not update in real-time to reflect file changes, ensuring your project view is always current.
• Editor Display Fix: Fixed a bug where the editor would not display code modifications made by Claude models until the file was reopened. Changes are now reflected instantly.
• Terminal Display Correction: Corrected a minor display issue with a trailing '%' symbol appearing in the integrated terminal output on certain platforms.