much improved search

wip
some small fixes
2025-09-08 17:06:42 +00:00 · 2025-08-31 00:25:03 +02:00 · 2025-08-30 15:06:49 +02:00 · 2025-08-30 15:05:32 +02:00 · 2025-08-30 14:34:29 +02:00 · 2025-08-30 14:15:22 +02:00
57 changed files with 4697 additions and 537 deletions
--- a/.example.env
+++ b/.example.env
@@ -1,2 +0,0 @@
-# Your openrouter.ai token
-OPENROUTER_TOKEN = ""
--- a/.github/chat.png
+++ b/.github/chat.png
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -44,6 +44,15 @@ jobs:
    - name: Build ${{ matrix.goos }}_${{ matrix.goarch }}
      shell: bash
      run: |
+        for f in static/css/*.css static/js/*.js static/lib/*.css static/lib/*.js; do
+          [ -f "$f" ] || continue
+
+          hash=$(sha1sum "$f" | cut -c1-8)
+          filepath=${f#static/}
+
+          sed -i "s|\([\"']$filepath\)[\"']|\1?v=$hash\"|g" static/index.html
+        done
+
        mkdir -p build
        [[ "${{ matrix.goos }}" == "windows" ]] && EXT=".exe" || EXT=""

@@ -57,9 +66,10 @@ jobs:
          -o "build/whiskr${EXT}" .

        cp -r static build/static
-        cp .example.env build/.env
-        tar -czvf build/whiskr_${{ github.ref_name }}_${{ matrix.goos }}_${{ matrix.goarch }}.tar.gz -C build "whiskr${EXT}" static
-        rm -rf build/static build/.env "build/whiskr${EXT}"
+        cp -r prompts build/prompts
+        cp example.config.yml build/config.yml
+        tar -czvf build/whiskr_${{ github.ref_name }}_${{ matrix.goos }}_${{ matrix.goarch }}.tar.gz -C build "whiskr${EXT}" static prompts config.yml
+        rm -rf build/static build/prompts build/config.yml "build/whiskr${EXT}"

    - name: Upload artifact
      uses: actions/upload-artifact@v4
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,2 @@
-.env
-debug.json
+config.yml
+/*.json
--- a/README.md
+++ b/README.md
@@ -12,21 +12,31 @@ whiskr is a private, self-hosted web chat interface for interacting with AI mode
 - Edit, delete, or copy any message
 - Persistent settings for model, temperature, and other parameters
 - Full conversation control including clearing and modifying messages
+- Title generation (and refresh)
 - Smooth UI updates with [morphdom](https://github.com/patrick-steele-idem/morphdom), selections, images, and other state are preserved during updates
 - Easy model selection:
  - Tags indicate if a model supports **tools**, **vision**, or **reasoning**
  - Search field with fuzzy matching to quickly find models
  - Models are listed newest -> oldest
+- Web search tools (set the `tokens.exa` to enable):
+  - `search_web`: search via Exa in auto mode; returns up to 10 results with short summaries
+  - `fetch_contents`: fetch page contents for one or more URLs via Exa /contents
+  - `github_repository`: get a quick overview of a GitHub repository (repo info, up to 20 branches, top-level files/dirs, and the README) without cloning (optionally set `tokens.github` for higher rate limits and private repos)
+- Images attachments for vision models using simple markdown image tags
+- Text/Code file attachments
 - Reasoning effort control
- Web search tool
 - Structured JSON output
+- Statistics for messages (provider, ttft, tps, token count and cost)
+- Import and export of chats as JSON files
+- Authentication (optional)

 ## TODO

- Statistics for messages (tps, token count, etc.)
- Retry button for assistant messages
- Import and export of chats
- Image and file attachments
+- improved custom prompts
+- settings
+  - auto-retry on edit
+  - ctrl+enter vs enter for sending
+- multiple chats

 ## Built With

@@ -41,13 +51,15 @@ whiskr is a private, self-hosted web chat interface for interacting with AI mode

 **Backend**
 - Go
+- [chi/v5](https://go-chi.io/) for the http routing/server
 - [OpenRouter](https://openrouter.ai/) for model list and completions
+- [Exa](https://exa.ai/) for web search and content retrieval (`/search`, `/contents`)

 ## Getting Started

-1. Copy `.example.env` to `.env` and set `OPENROUTER_TOKEN`:
+1. Copy `example.config.yml` to `config.yml` and set `tokens.openrouter`:
 ```bash
-cp .example.env .env
+cp example.config.yml config.yml
 ```
 2. Build and run:
 ```bash
@@ -56,6 +68,53 @@ go build -o whiskr
 ```
 3. Open `http://localhost:3443` in your browser.

+## Authentication (optional)
+
+whiskr supports simple, stateless authentication. If enabled, users must log in with a username and password before accessing the chat. Passwords are hashed using bcrypt (12 rounds). If `authentication.enabled` is set to `false`, whiskr will not prompt for authentication at all.
+
+```yaml
+authentication:
+  enabled: true
+  users:
+    - username: laura
+      password: "$2a$12$cIvFwVDqzn18wyk37l4b2OA0UyjLYP1GdRIMYbNqvm1uPlQjC/j6e"
+    - username: admin
+      password: "$2a$12$mhImN70h05wnqPxWTci8I.RzomQt9vyLrjWN9ilaV1.GIghcGq.Iy"
+```
+
+After a successful login, whiskr issues a signed (HMAC-SHA256) token, using the server secret (`tokens.secret` in `config.yml`). This is stored as a cookie and re-used for future authentications.
+
+## Nginx (optional)
+
+When running behind a reverse proxy like nginx, you can have the proxy serve static files.
+
+```ngnix
+server {
+    listen 443 ssl;
+    server_name chat.example.com;
+    http2 on;
+
+    root /path/to/whiskr/static;
+
+    location / {
+        index index.html index.htm;
+
+        etag on;
+        add_header Cache-Control "public, max-age=2592000, must-revalidate";
+        expires 30d;
+    }
+
+    location ~ ^/- {
+        proxy_pass       http://127.0.0.1:3443;
+        proxy_set_header X-Forwarded-For $remote_addr;
+        proxy_set_header Host            $host;
+    }
+
+    ssl_certificate /path/to/cert.pem;
+    ssl_certificate_key /path/to/key.pem;
+}
+```
+
 ## Usage

 - Send a message with `Ctrl+Enter` or the send button
@@ -64,6 +123,7 @@ go build -o whiskr
 - Adjust model, temperature, prompt, or message role from the controls in the bottom-left
 - Use the model search field to quickly find models (supports fuzzy matching)
 - Look for tags in the model list to see if a model supports tools, vision, or reasoning
+- Use `![alt](url)` in your message to display an image inline. If the model supports vision, the same image URL is passed to the model for multimodal input.

 ## License

--- a/auth.go
+++ b/auth.go
@@ -0,0 +1,125 @@
+package main
+
+import (
+	"crypto/hmac"
+	"crypto/sha256"
+	"encoding/hex"
+	"encoding/json"
+	"net/http"
+	"strings"
+
+	"golang.org/x/crypto/bcrypt"
+)
+
+type AuthenticationRequest struct {
+	Username string `json:"username"`
+	Password string `json:"password"`
+}
+
+func (u *EnvUser) Signature(secret string) []byte {
+	mac := hmac.New(sha256.New, []byte(secret))
+
+	mac.Write([]byte(u.Password))
+	mac.Write([]byte(u.Username))
+
+	return mac.Sum(nil)
+}
+
+func (e *Environment) Authenticate(username, password string) *EnvUser {
+	user, ok := e.Authentication.lookup[username]
+	if !ok {
+		return nil
+	}
+
+	if bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(password)) != nil {
+		return nil
+	}
+
+	return user
+}
+
+func (e *Environment) SignAuthToken(user *EnvUser) string {
+	signature := user.Signature(e.Tokens.Secret)
+
+	return user.Username + ":" + hex.EncodeToString(signature)
+}
+
+func (e *Environment) VerifyAuthToken(token string) bool {
+	index := strings.Index(token, ":")
+	if index == -1 {
+		return false
+	}
+
+	username := token[:index]
+
+	user, ok := e.Authentication.lookup[username]
+	if !ok {
+		return false
+	}
+
+	signature, err := hex.DecodeString(token[index+1:])
+	if err != nil {
+		return false
+	}
+
+	expected := user.Signature(e.Tokens.Secret)
+
+	return hmac.Equal(signature, expected)
+}
+
+func IsAuthenticated(r *http.Request) bool {
+	if !env.Authentication.Enabled {
+		return true
+	}
+
+	cookie, err := r.Cookie("whiskr_token")
+	if err != nil {
+		return false
+	}
+
+	return env.VerifyAuthToken(cookie.Value)
+}
+
+func Authenticate(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if !IsAuthenticated(r) {
+			RespondJson(w, http.StatusUnauthorized, map[string]any{
+				"error": "unauthorized",
+			})
+
+			return
+		}
+
+		next.ServeHTTP(w, r)
+	})
+}
+
+func HandleAuthentication(w http.ResponseWriter, r *http.Request) {
+	var request AuthenticationRequest
+
+	if err := json.NewDecoder(r.Body).Decode(&request); err != nil {
+		RespondJson(w, http.StatusBadRequest, map[string]any{
+			"error": "missing username or password",
+		})
+
+		return
+	}
+
+	user := env.Authenticate(request.Username, request.Password)
+	if user == nil {
+		RespondJson(w, http.StatusUnauthorized, map[string]any{
+			"error": "invalid username or password",
+		})
+
+		return
+	}
+
+	http.SetCookie(w, &http.Cookie{
+		Name:  "whiskr_token",
+		Value: env.SignAuthToken(user),
+	})
+
+	RespondJson(w, http.StatusOK, map[string]any{
+		"authenticated": true,
+	})
+}
--- a/chat.go
+++ b/chat.go
@@ -1,18 +1,38 @@
 package main

 import (
+	"context"
 	"encoding/json"
 	"errors"
 	"fmt"
 	"io"
 	"net/http"
+	"regexp"
+	"strings"

 	"github.com/revrost/go-openrouter"
 )

+type ToolCall struct {
+	ID      string  `json:"id"`
+	Name    string  `json:"name"`
+	Args    string  `json:"args"`
+	Result  string  `json:"result,omitempty"`
+	Done    bool    `json:"done,omitempty"`
+	Invalid bool    `json:"invalid,omitempty"`
+	Cost    float64 `json:"cost,omitempty"`
+}
+
+type TextFile struct {
+	Name    string `json:"name"`
+	Content string `json:"content"`
+}
+
 type Message struct {
-	Role string `json:"role"`
-	Text string `json:"text"`
+	Role  string     `json:"role"`
+	Text  string     `json:"text"`
+	Tool  *ToolCall  `json:"tool"`
+	Files []TextFile `json:"files"`
 }

 type Reasoning struct {
@@ -20,16 +40,61 @@ type Reasoning struct {
 	Tokens int    `json:"tokens"`
 }

+type Tools struct {
+	JSON   bool `json:"json"`
+	Search bool `json:"search"`
+}
+
+type Metadata struct {
+	Timezone string `json:"timezone"`
+	Platform string `json:"platform"`
+}
+
 type Request struct {
 	Prompt      string    `json:"prompt"`
 	Model       string    `json:"model"`
 	Temperature float64   `json:"temperature"`
-	JSON        bool      `json:"json"`
-	Search      bool      `json:"search"`
+	Iterations  int64     `json:"iterations"`
+	Tools       Tools     `json:"tools"`
 	Reasoning   Reasoning `json:"reasoning"`
+	Metadata    Metadata  `json:"metadata"`
 	Messages    []Message `json:"messages"`
 }

+func (t *ToolCall) AsAssistantToolCall(content string) openrouter.ChatCompletionMessage {
+	// Some models require there to be content
+	if content == "" {
+		content = " "
+	}
+
+	return openrouter.ChatCompletionMessage{
+		Role: openrouter.ChatMessageRoleAssistant,
+		Content: openrouter.Content{
+			Text: content,
+		},
+		ToolCalls: []openrouter.ToolCall{
+			{
+				ID:   t.ID,
+				Type: openrouter.ToolTypeFunction,
+				Function: openrouter.FunctionCall{
+					Name:      t.Name,
+					Arguments: t.Args,
+				},
+			},
+		},
+	}
+}
+
+func (t *ToolCall) AsToolMessage() openrouter.ChatCompletionMessage {
+	return openrouter.ChatCompletionMessage{
+		Role:       openrouter.ChatMessageRoleTool,
+		ToolCallID: t.ID,
+		Content: openrouter.Content{
+			Text: t.Result,
+		},
+	}
+}
+
 func (r *Request) Parse() (*openrouter.ChatCompletionRequest, error) {
 	var request openrouter.ChatCompletionRequest

@@ -40,6 +105,10 @@ func (r *Request) Parse() (*openrouter.ChatCompletionRequest, error) {

 	request.Model = r.Model

+	if r.Iterations < 1 || r.Iterations > 50 {
+		return nil, fmt.Errorf("invalid iterations (1-50): %d", r.Iterations)
+	}
+
 	if r.Temperature < 0 || r.Temperature > 2 {
 		return nil, fmt.Errorf("invalid temperature (0-2): %f", r.Temperature)
 	}
@@ -61,19 +130,13 @@ func (r *Request) Parse() (*openrouter.ChatCompletionRequest, error) {
 		}
 	}

-	if model.JSON && r.JSON {
+	if model.JSON && r.Tools.JSON {
 		request.ResponseFormat = &openrouter.ChatCompletionResponseFormat{
 			Type: openrouter.ChatCompletionResponseFormatTypeJSONObject,
 		}
 	}

-	if r.Search {
-		request.Plugins = append(request.Plugins, openrouter.ChatCompletionPlugin{
-			ID: openrouter.PluginIDWeb,
-		})
-	}
-
-	prompt, err := BuildPrompt(r.Prompt, model)
+	prompt, err := BuildPrompt(r.Prompt, r.Metadata, model)
 	if err != nil {
 		return nil, err
 	}
@@ -82,23 +145,98 @@ func (r *Request) Parse() (*openrouter.ChatCompletionRequest, error) {
 		request.Messages = append(request.Messages, openrouter.SystemMessage(prompt))
 	}

-	for index, message := range r.Messages {
-		if message.Role != openrouter.ChatMessageRoleSystem && message.Role != openrouter.ChatMessageRoleAssistant && message.Role != openrouter.ChatMessageRoleUser {
-			return nil, fmt.Errorf("[%d] invalid role: %q", index+1, message.Role)
-		}
+	if model.Tools && r.Tools.Search && env.Tokens.Exa != "" && r.Iterations > 1 {
+		request.Tools = GetSearchTools()
+		request.ToolChoice = "auto"

-		request.Messages = append(request.Messages, openrouter.ChatCompletionMessage{
-			Role: message.Role,
-			Content: openrouter.Content{
-				Text: message.Text,
-			},
-		})
+		request.Messages = append(
+			request.Messages,
+			openrouter.SystemMessage(fmt.Sprintf(InternalToolsPrompt, r.Iterations-1)),
+		)
+	}
+
+	for _, message := range r.Messages {
+		message.Text = strings.ReplaceAll(message.Text, "\r", "")
+
+		switch message.Role {
+		case "system":
+			request.Messages = append(request.Messages, openrouter.ChatCompletionMessage{
+				Role: message.Role,
+				Content: openrouter.Content{
+					Text: message.Text,
+				},
+			})
+		case "user":
+			var content openrouter.Content
+
+			if model.Vision && strings.Contains(message.Text, "![") {
+				content.Multi = SplitImagePairs(message.Text)
+			} else {
+				content.Text = message.Text
+			}
+
+			if len(message.Files) > 0 {
+				if content.Text != "" {
+					content.Multi = append(content.Multi, openrouter.ChatMessagePart{
+						Type: openrouter.ChatMessagePartTypeText,
+						Text: content.Text,
+					})
+
+					content.Text = ""
+				}
+
+				for i, file := range message.Files {
+					if len(file.Name) > 512 {
+						return nil, fmt.Errorf("file %d is invalid (name too long, max 512 characters)", i)
+					} else if len(file.Content) > 4*1024*1024 {
+						return nil, fmt.Errorf("file %d is invalid (too big, max 4MB)", i)
+					}
+
+					lines := strings.Count(file.Content, "\n") + 1
+
+					content.Multi = append(content.Multi, openrouter.ChatMessagePart{
+						Type: openrouter.ChatMessagePartTypeText,
+						Text: fmt.Sprintf(
+							"FILE %q LINES %d\n<<CONTENT>>\n%s\n<<END>>",
+							file.Name,
+							lines,
+							file.Content,
+						),
+					})
+				}
+			}
+
+			request.Messages = append(request.Messages, openrouter.ChatCompletionMessage{
+				Role:    message.Role,
+				Content: content,
+			})
+		case "assistant":
+			msg := openrouter.ChatCompletionMessage{
+				Role: openrouter.ChatMessageRoleAssistant,
+				Content: openrouter.Content{
+					Text: message.Text,
+				},
+			}
+
+			tool := message.Tool
+			if tool != nil {
+				msg = tool.AsAssistantToolCall(message.Text)
+
+				request.Messages = append(request.Messages, msg)
+
+				msg = tool.AsToolMessage()
+			}
+
+			request.Messages = append(request.Messages, msg)
+		}
 	}

 	return &request, nil
 }

 func HandleChat(w http.ResponseWriter, r *http.Request) {
+	debug("parsing chat")
+
 	var raw Request

 	if err := json.NewDecoder(r.Body).Decode(&raw); err != nil {
@@ -120,23 +258,11 @@ func HandleChat(w http.ResponseWriter, r *http.Request) {

 	request.Stream = true

-	// DEBUG
-	dump(request)
+	debug("preparing stream")

 	ctx := r.Context()

-	stream, err := OpenRouterStartStream(ctx, *request)
-	if err != nil {
-		RespondJson(w, http.StatusBadRequest, map[string]any{
-			"error": GetErrorMessage(err),
-		})
-
-		return
-	}
-
-	defer stream.Close()
-
-	response, err := NewStream(w)
+	response, err := NewStream(w, ctx)
 	if err != nil {
 		RespondJson(w, http.StatusBadRequest, map[string]any{
 			"error": err.Error(),
@@ -145,16 +271,107 @@ func HandleChat(w http.ResponseWriter, r *http.Request) {
 		return
 	}

+	debug("handling request")
+
+	for iteration := range raw.Iterations {
+		debug("iteration %d of %d", iteration+1, raw.Iterations)
+
+		if len(request.Tools) > 0 && iteration == raw.Iterations-1 {
+			debug("no more tool calls")
+
+			request.Tools = nil
+			request.ToolChoice = ""
+
+			request.Messages = append(request.Messages, openrouter.SystemMessage("You have reached the maximum number of tool calls for this conversation. Provide your final response based on the information you have gathered."))
+		}
+
+		dump("chat.json", request)
+
+		tool, message, err := RunCompletion(ctx, response, request)
+		if err != nil {
+			response.Send(ErrorChunk(err))
+
+			return
+		}
+
+		if tool == nil {
+			debug("no tool call, done")
+
+			return
+		}
+
+		debug("got %q tool call", tool.Name)
+
+		response.Send(ToolChunk(tool))
+
+		switch tool.Name {
+		case "search_web":
+			err = HandleSearchWebTool(ctx, tool)
+			if err != nil {
+				response.Send(ErrorChunk(err))
+
+				return
+			}
+		case "fetch_contents":
+			err = HandleFetchContentsTool(ctx, tool)
+			if err != nil {
+				response.Send(ErrorChunk(err))
+
+				return
+			}
+		case "github_repository":
+			err = HandleGitHubRepositoryTool(ctx, tool)
+			if err != nil {
+				response.Send(ErrorChunk(err))
+
+				return
+			}
+		default:
+			tool.Invalid = true
+			tool.Result = "error: invalid tool call"
+		}
+
+		tool.Done = true
+
+		debug("finished tool call")
+
+		response.Send(ToolChunk(tool))
+
+		request.Messages = append(request.Messages,
+			tool.AsAssistantToolCall(message),
+			tool.AsToolMessage(),
+		)
+	}
+}
+
+func RunCompletion(ctx context.Context, response *Stream, request *openrouter.ChatCompletionRequest) (*ToolCall, string, error) {
+	stream, err := OpenRouterStartStream(ctx, *request)
+	if err != nil {
+		return nil, "", err
+	}
+
+	defer stream.Close()
+
+	var (
+		id     string
+		result strings.Builder
+		tool   *ToolCall
+	)
+
 	for {
 		chunk, err := stream.Recv()
 		if err != nil {
 			if errors.Is(err, io.EOF) {
-				return
+				break
 			}

-			response.Send(ErrorChunk(err))
+			return nil, "", err
+		}

-			return
+		if id == "" {
+			id = chunk.ID
+
+			response.Send(IDChunk(id))
 		}

 		if len(chunk.Choices) == 0 {
@@ -163,21 +380,113 @@ func HandleChat(w http.ResponseWriter, r *http.Request) {

 		choice := chunk.Choices[0]

-		// DEBUG
-		debug(choice)
-
 		if choice.FinishReason == openrouter.FinishReasonContentFilter {
 			response.Send(ErrorChunk(errors.New("stopped due to content_filter")))

-			return
+			return nil, "", nil
+		}
+
+		calls := choice.Delta.ToolCalls
+
+		if len(calls) > 0 {
+			call := calls[0]
+
+			if tool == nil {
+				tool = &ToolCall{}
+			}
+
+			tool.ID += call.ID
+			tool.Name += call.Function.Name
+			tool.Args += call.Function.Arguments
+		} else if tool != nil {
+			break
 		}

 		content := choice.Delta.Content

 		if content != "" {
+			result.WriteString(content)
+
 			response.Send(TextChunk(content))
 		} else if choice.Delta.Reasoning != nil {
 			response.Send(ReasoningChunk(*choice.Delta.Reasoning))
 		}
 	}
+
+	return tool, result.String(), nil
+}
+
+func SplitImagePairs(text string) []openrouter.ChatMessagePart {
+	rgx := regexp.MustCompile(`(?m)!\[[^\]]*]\((\S+?)\)`)
+
+	var (
+		index int
+		parts []openrouter.ChatMessagePart
+	)
+
+	push := func(str, end int) {
+		if str > end {
+			return
+		}
+
+		rest := text[str:end]
+
+		if rest == "" {
+			return
+		}
+
+		total := len(parts)
+
+		if total > 0 && parts[total-1].Type == openrouter.ChatMessagePartTypeText {
+			parts[total-1].Text += rest
+
+			return
+		}
+
+		parts = append(parts, openrouter.ChatMessagePart{
+			Type: openrouter.ChatMessagePartTypeText,
+			Text: rest,
+		})
+	}
+
+	for {
+		location := rgx.FindStringSubmatchIndex(text[index:])
+		if location == nil {
+			push(index, len(text)-1)
+
+			break
+		}
+
+		start := index + location[0]
+		end := index + location[1]
+
+		urlStart := index + location[2]
+		urlEnd := index + location[3]
+
+		url := text[urlStart:urlEnd]
+
+		if !strings.HasPrefix(url, "https://") && !strings.HasPrefix(url, "http://") {
+			push(index, end)
+
+			index = end
+
+			continue
+		}
+
+		if start > index {
+			push(index, start)
+		}
+
+		parts = append(parts, openrouter.ChatMessagePart{
+			Type: openrouter.ChatMessagePartTypeImageURL,
+			ImageURL: &openrouter.ChatMessageImageURL{
+				Detail: openrouter.ImageURLDetailAuto,
+				URL:    url,
+			},
+		})
+
+		index = end
+	}
+
+	return parts
 }
--- a/clean.go
+++ b/clean.go
@@ -0,0 +1,21 @@
+package main
+
+import "strings"
+
+var cleaner = strings.NewReplacer(
+	"‑", "-",
+	"—", "-",
+	"–", "-",
+
+	"“", "\"",
+	"”", "\"",
+	"’", "'",
+)
+
+func CleanChunk(chunk string) string {
+	if !env.Settings.CleanContent {
+		return chunk
+	}
+
+	return cleaner.Replace(chunk)
+}
--- a/debug.go
+++ b/debug.go
@@ -5,19 +5,27 @@ import (
 	"os"
 )

-func dump(v any) {
-	if !Debug {
+func dump(name string, val any) {
+	if !env.Debug {
 		return
 	}

-	b, _ := json.MarshalIndent(v, "", "\t")
-	os.WriteFile("debug.json", b, 0644)
+	b, _ := json.MarshalIndent(val, "", "\t")
+	os.WriteFile(name, b, 0644)
 }

-func debug(v any) {
-	if !Debug {
+func debug(format string, args ...any) {
+	if !env.Debug {
 		return
 	}

-	log.Debugf("%#v\n", v)
+	log.Printf(format+"\n", args...)
+}
+
+func debugIf(cond bool, format string, args ...any) {
+	if !cond {
+		return
+	}
+
+	debug(format, args)
 }
--- a/env.go
+++ b/env.go
@@ -1,29 +1,152 @@
 package main

 import (
+	"bytes"
+	"crypto/rand"
+	"encoding/base64"
 	"errors"
+	"io"
 	"os"

-	"github.com/joho/godotenv"
+	"github.com/goccy/go-yaml"
 )

-var (
-	Debug           bool
-	NoOpen          bool
-	OpenRouterToken string
-)
+type EnvTokens struct {
+	Secret     string `json:"secret"`
+	OpenRouter string `json:"openrouter"`
+	Exa        string `json:"exa"`
+	GitHub     string `json:"github"`
+}
+
+type EnvSettings struct {
+	CleanContent bool   `json:"cleanup"`
+	TitleModel   string `json:"title-model"`
+}
+
+type EnvUser struct {
+	Username string `json:"username"`
+	Password string `json:"password"`
+}
+
+type EnvAuthentication struct {
+	lookup map[string]*EnvUser
+
+	Enabled bool       `json:"enabled"`
+	Users   []*EnvUser `json:"users"`
+}
+
+type Environment struct {
+	Debug          bool              `json:"debug"`
+	Tokens         EnvTokens         `json:"tokens"`
+	Settings       EnvSettings       `json:"settings"`
+	Authentication EnvAuthentication `json:"authentication"`
+}
+
+var env = Environment{
+	// defaults
+	Settings: EnvSettings{
+		CleanContent: true,
+	},
+}

 func init() {
-	log.MustPanic(godotenv.Load())
+	file, err := os.OpenFile("config.yml", os.O_RDONLY, 0)
+	log.MustFail(err)

-	Debug = os.Getenv("DEBUG") == "true"
-	NoOpen = os.Getenv("NO_OPEN") == "true"
+	defer file.Close()

-	if OpenRouterToken = os.Getenv("OPENROUTER_TOKEN"); OpenRouterToken == "" {
-		log.Panic(errors.New("missing openrouter token"))
-	}
+	err = yaml.NewDecoder(file).Decode(&env)
+	log.MustFail(err)

-	if Debug {
-		log.Warning("Debug mode enabled")
-	}
+	log.MustFail(env.Init())
+}
+
+func (e *Environment) Init() error {
+	// print if debug is enabled
+	if e.Debug {
+		log.Warnln("Debug mode enabled")
+	}
+
+	// check if server secret is set
+	if e.Tokens.Secret == "" {
+		log.Warnln("Missing tokens.secret, generating new...")
+
+		key := make([]byte, 32)
+
+		_, err := io.ReadFull(rand.Reader, key)
+		if err != nil {
+			return err
+		}
+
+		e.Tokens.Secret = base64.StdEncoding.EncodeToString(key)
+
+		err = e.Store()
+		if err != nil {
+			return err
+		}
+
+		log.Println("Stored new tokens.secret")
+	}
+
+	// check if openrouter token is set
+	if e.Tokens.OpenRouter == "" {
+		return errors.New("missing tokens.openrouter")
+	}
+
+	// check if exa token is set
+	if e.Tokens.Exa == "" {
+		log.Warnln("Missing token.exa, web search unavailable")
+	}
+
+	// check if github token is set
+	if e.Tokens.GitHub == "" {
+		log.Warnln("Missing token.github, limited api requests")
+	}
+
+	// default title model
+	if e.Settings.TitleModel == "" {
+		e.Settings.TitleModel = "google/gemini-2.5-flash-lite"
+	}
+
+	// create user lookup map
+	e.Authentication.lookup = make(map[string]*EnvUser)
+
+	for _, user := range e.Authentication.Users {
+		e.Authentication.lookup[user.Username] = user
+	}
+
+	return nil
+}
+
+func (e *Environment) Store() error {
+	var (
+		buffer   bytes.Buffer
+		comments = yaml.CommentMap{
+			"$.debug": {yaml.HeadComment(" enable verbose logging and diagnostics")},
+
+			"$.tokens":         {yaml.HeadComment("")},
+			"$.settings":       {yaml.HeadComment("")},
+			"$.authentication": {yaml.HeadComment("")},
+
+			"$.tokens.secret":     {yaml.HeadComment(" server secret for signing auth tokens; auto-generated if empty")},
+			"$.tokens.openrouter": {yaml.HeadComment(" openrouter.ai api token (required)")},
+			"$.tokens.exa":        {yaml.HeadComment(" exa search api token (optional; used by search tools)")},
+			"$.tokens.github":     {yaml.HeadComment(" github api token (optional; used by search tools)")},
+
+			"$.settings.cleanup":     {yaml.HeadComment(" normalize unicode in assistant output (optional; default: true)")},
+			"$.settings.title-model": {yaml.HeadComment(" model used to generate titles (needs to have structured output support; default: google/gemini-2.5-flash-lite)")},
+
+			"$.authentication.enabled": {yaml.HeadComment(" require login with username and password")},
+			"$.authentication.users":   {yaml.HeadComment(" list of users with bcrypt password hashes")},
+		}
+	)
+
+	err := yaml.NewEncoder(&buffer, yaml.WithComment(comments)).Encode(e)
+	if err != nil {
+		return err
+	}
+
+	body := bytes.ReplaceAll(buffer.Bytes(), []byte("#\n"), []byte("\n"))
+
+	return os.WriteFile("config.yml", body, 0644)
 }
--- a/exa.go
+++ b/exa.go
@@ -0,0 +1,172 @@
+package main
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"strings"
+	"time"
+)
+
+type ExaResult struct {
+	Title         string   `json:"title"`
+	URL           string   `json:"url"`
+	PublishedDate string   `json:"publishedDate,omitempty"`
+	SiteName      string   `json:"siteName,omitempty"`
+	Summary       string   `json:"summary,omitempty"`
+	Highlights    []string `json:"highlights,omitempty"`
+	Text          string   `json:"text,omitempty"`
+}
+
+type ExaCost struct {
+	Total float64 `json:"total"`
+}
+
+type ExaResults struct {
+	RequestID  string      `json:"requestId"`
+	SearchType string      `json:"resolvedSearchType"`
+	Results    []ExaResult `json:"results"`
+	Cost       ExaCost     `json:"costDollars"`
+}
+
+func (e *ExaResults) String() string {
+	var builder strings.Builder
+
+	json.NewEncoder(&builder).Encode(map[string]any{
+		"results": e.Results,
+	})
+
+	return builder.String()
+}
+
+func NewExaRequest(ctx context.Context, path string, data any) (*http.Request, error) {
+	buf, err := json.Marshal(data)
+	if err != nil {
+		return nil, err
+	}
+
+	req, err := http.NewRequest("POST", fmt.Sprintf("https://api.exa.ai%s", path), bytes.NewReader(buf))
+	if err != nil {
+		return nil, err
+	}
+
+	req = req.WithContext(ctx)
+
+	req.Header.Set("Content-Type", "application/json")
+	req.Header.Set("X-Api-Key", env.Tokens.Exa)
+
+	return req, nil
+}
+
+func RunExaRequest(req *http.Request) (*ExaResults, error) {
+	resp, err := http.DefaultClient.Do(req)
+	if err != nil {
+		return nil, err
+	}
+
+	defer resp.Body.Close()
+
+	var result ExaResults
+
+	err = json.NewDecoder(resp.Body).Decode(&result)
+	if err != nil {
+		return nil, err
+	}
+
+	return &result, nil
+}
+
+func ExaRunSearch(ctx context.Context, args SearchWebArguments) (*ExaResults, error) {
+	if args.NumResults <= 0 {
+		args.NumResults = 6
+	} else if args.NumResults < 3 {
+		args.NumResults = 3
+	} else if args.NumResults >= 12 {
+		args.NumResults = 12
+	}
+
+	data := map[string]any{
+		"query":      args.Query,
+		"type":       "auto",
+		"numResults": args.NumResults,
+	}
+
+	if len(args.Domains) > 0 {
+		data["includeDomains"] = args.Domains
+	}
+
+	contents := map[string]any{
+		"summary": map[string]any{},
+		"highlights": map[string]any{
+			"numSentences":     2,
+			"highlightsPerUrl": 3,
+		},
+		"livecrawl": "preferred",
+	}
+
+	switch args.Intent {
+	case "news":
+		data["category"] = "news"
+		data["numResults"] = max(8, args.NumResults)
+		data["startPublishedDate"] = daysAgo(30)
+	case "docs":
+		contents["subpages"] = 1
+		contents["subpageTarget"] = []string{"documentation", "changelog", "release notes"}
+	case "papers":
+		data["category"] = "research paper"
+		data["startPublishedDate"] = daysAgo(365 * 2)
+	case "code":
+		data["category"] = "github"
+
+		contents["subpages"] = 1
+		contents["subpageTarget"] = []string{"readme", "changelog", "code"}
+	case "deep_read":
+		contents["text"] = map[string]any{
+			"maxCharacters": 8000,
+		}
+	}
+
+	data["contents"] = contents
+
+	switch args.Recency {
+	case "month":
+		data["startPublishedDate"] = daysAgo(30)
+	case "year":
+		data["startPublishedDate"] = daysAgo(356)
+	}
+
+	req, err := NewExaRequest(ctx, "/search", data)
+	if err != nil {
+		return nil, err
+	}
+
+	return RunExaRequest(req)
+}
+
+func ExaRunContents(ctx context.Context, args FetchContentsArguments) (*ExaResults, error) {
+	data := map[string]any{
+		"urls":    args.URLs,
+		"summary": map[string]any{},
+		"highlights": map[string]any{
+			"numSentences":     2,
+			"highlightsPerUrl": 3,
+		},
+		"text": map[string]any{
+			"maxCharacters": 8000,
+		},
+		"livecrawl": "preferred",
+	}
+
+	req, err := NewExaRequest(ctx, "/contents", data)
+	if err != nil {
+		return nil, err
+	}
+
+	return RunExaRequest(req)
+}
+
+func daysAgo(days int) string {
+	return time.Now().Add(time.Duration(days) * 24 * time.Hour).Format(time.DateOnly)
+}
--- a/example.config.yml
+++ b/example.config.yml
@@ -0,0 +1,26 @@
+# enable verbose logging and diagnostics
+debug: false
+
+tokens:
+  # server secret for signing auth tokens; auto-generated if empty
+  secret: ""
+  # openrouter.ai api token (required)
+  openrouter: ""
+  # exa search api token (optional; used by search tools)
+  exa: ""
+  # github api token (optional; used by search tools)
+  github: ""
+
+settings:
+  # normalize unicode in assistant output (optional; default: true)
+  cleanup: true
+  # model used to generate titles (needs to have structured output support; default: google/gemini-2.5-flash-lite)
+  title-model: google/gemini-2.5-flash-lite
+
+authentication:
+  # require login with username and password
+  enabled: false
+  # list of users with bcrypt password hashes
+  users:
+  - username: admin
+    password: $2a$12$eH6Du2grC7aOUDmff2SrC.yKPWea/fq0d76c3JsvhGxhGCEOnWTRy
--- a/github.go
+++ b/github.go
@@ -0,0 +1,240 @@
+package main
+
+import (
+	"context"
+	"encoding/base64"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"net/http"
+	"sort"
+	"strings"
+	"sync"
+)
+
+type GitHubRepo struct {
+	Name          string `json:"name"`
+	HtmlURL       string `json:"html_url"`
+	Description   string `json:"description"`
+	Stargazers    int    `json:"stargazers_count"`
+	Forks         int    `json:"forks_count"`
+	Visibility    string `json:"visibility"`
+	DefaultBranch string `json:"default_branch"`
+}
+
+type GitHubContent struct {
+	Type string `json:"type"`
+	Name string `json:"name"`
+}
+
+type GitHubReadme struct {
+	Path     string `json:"path"`
+	Content  string `json:"content"`
+	Encoding string `json:"encoding"`
+}
+
+func (r *GitHubReadme) AsText() (string, error) {
+	if r.Encoding == "base64" {
+		content, err := base64.StdEncoding.DecodeString(r.Content)
+		if err != nil {
+			return "", err
+		}
+
+		return string(content), nil
+	}
+
+	return r.Content, nil
+}
+
+func NewGitHubRequest(ctx context.Context, path string) (*http.Request, error) {
+	req, err := http.NewRequest("GET", fmt.Sprintf("https://api.github.com%s", path), nil)
+	if err != nil {
+		return nil, err
+	}
+
+	req = req.WithContext(ctx)
+
+	req.Header.Set("Accept", "application/vnd.github+json")
+
+	if env.Tokens.GitHub != "" {
+		req.Header.Set("Authorization", "Bearer "+env.Tokens.GitHub)
+	}
+
+	return req, nil
+}
+
+func GitHubRepositoryJson(ctx context.Context, owner, repo string) (*GitHubRepo, error) {
+	req, err := NewGitHubRequest(ctx, fmt.Sprintf("/repos/%s/%s", owner, repo))
+	if err != nil {
+		return nil, err
+	}
+
+	resp, err := http.DefaultClient.Do(req)
+	if err != nil {
+		return nil, err
+	}
+
+	defer resp.Body.Close()
+
+	var response GitHubRepo
+
+	err = json.NewDecoder(resp.Body).Decode(&response)
+	if err != nil {
+		return nil, err
+	}
+
+	if response.Name == "" {
+		return nil, errors.New("error getting data")
+	}
+
+	if response.Description == "" {
+		response.Description = "(none)"
+	}
+
+	return &response, nil
+}
+
+func GitHubRepositoryReadmeJson(ctx context.Context, owner, repo, branch string) (*GitHubReadme, error) {
+	req, err := NewGitHubRequest(ctx, fmt.Sprintf("/repos/%s/%s/readme?ref=%s", owner, repo, branch))
+	if err != nil {
+		return nil, err
+	}
+
+	resp, err := http.DefaultClient.Do(req)
+	if err != nil {
+		return nil, err
+	}
+
+	defer resp.Body.Close()
+
+	var response GitHubReadme
+
+	err = json.NewDecoder(resp.Body).Decode(&response)
+	if err != nil {
+		return nil, err
+	}
+
+	return &response, nil
+}
+
+func GitHubRepositoryContentsJson(ctx context.Context, owner, repo, branch string) ([]GitHubContent, error) {
+	req, err := NewGitHubRequest(ctx, fmt.Sprintf("/repos/%s/%s/contents?ref=%s", owner, repo, branch))
+	if err != nil {
+		return nil, err
+	}
+
+	resp, err := http.DefaultClient.Do(req)
+	if err != nil {
+		return nil, err
+	}
+
+	defer resp.Body.Close()
+
+	var response []GitHubContent
+
+	err = json.NewDecoder(resp.Body).Decode(&response)
+	if err != nil {
+		return nil, err
+	}
+
+	return response, nil
+}
+
+func RepoOverview(ctx context.Context, arguments GitHubRepositoryArguments) (string, error) {
+	repository, err := GitHubRepositoryJson(ctx, arguments.Owner, arguments.Repo)
+	if err != nil {
+		return "", err
+	}
+
+	var (
+		wg sync.WaitGroup
+
+		readmeMarkdown string
+		directories    []string
+		files          []string
+	)
+
+	// fetch readme
+	wg.Add(1)
+
+	go func() {
+		defer wg.Done()
+
+		readme, err := GitHubRepositoryReadmeJson(ctx, arguments.Owner, arguments.Repo, repository.DefaultBranch)
+		if err != nil {
+			log.Warnf("failed to get repository readme: %v\n", err)
+
+			return
+		}
+
+		markdown, err := readme.AsText()
+		if err != nil {
+			log.Warnf("failed to decode repository readme: %v\n", err)
+
+			return
+		}
+
+		readmeMarkdown = markdown
+	}()
+
+	// fetch contents
+	wg.Add(1)
+
+	go func() {
+		defer wg.Done()
+
+		contents, err := GitHubRepositoryContentsJson(ctx, arguments.Owner, arguments.Repo, repository.DefaultBranch)
+		if err != nil {
+			log.Warnf("failed to get repository contents: %v\n", err)
+
+			return
+		}
+
+		for _, content := range contents {
+			switch content.Type {
+			case "dir":
+				directories = append(directories, content.Name)
+			case "file":
+				files = append(files, content.Name)
+			}
+		}
+
+		sort.Strings(directories)
+		sort.Strings(files)
+	}()
+
+	// wait and combine results
+	wg.Wait()
+
+	var builder strings.Builder
+
+	fmt.Fprintf(&builder, "### %s (%s)\n", repository.Name, repository.Visibility)
+	fmt.Fprintf(&builder, "- URL: %s\n", repository.HtmlURL)
+	fmt.Fprintf(&builder, "- Description: %s\n", strings.ReplaceAll(repository.Description, "\n", " "))
+	fmt.Fprintf(&builder, "- Default branch: %s\n", repository.DefaultBranch)
+	fmt.Fprintf(&builder, "- Stars: %d | Forks: %d\n", repository.Stargazers, repository.Forks)
+
+	builder.WriteString("\n### Top-level files and directories\n")
+
+	if len(directories) == 0 && len(files) == 0 {
+		builder.WriteString("*No entries or insufficient permissions.*\n")
+	} else {
+		for _, directory := range directories {
+			fmt.Fprintf(&builder, "- [D] %s\n", directory)
+		}
+
+		for _, file := range files {
+			fmt.Fprintf(&builder, "- [F] %s\n", file)
+		}
+	}
+
+	builder.WriteString("\n### README\n")
+
+	if readmeMarkdown == "" {
+		builder.WriteString("*No README found or could not load.*\n")
+	} else {
+		builder.WriteString(readmeMarkdown)
+	}
+
+	return builder.String(), nil
+}
--- a/go.mod
+++ b/go.mod
@@ -1,21 +1,21 @@
 module chat

-go 1.24.5
+go 1.25.0

 require (
-	github.com/coalaura/logger v1.5.1
-	github.com/go-chi/chi/v5 v5.2.2
-	github.com/joho/godotenv v1.5.1
-	github.com/revrost/go-openrouter v0.1.11-0.20250804020417-b3d94f4f6b46
+	github.com/coalaura/plain v0.2.0
+	github.com/go-chi/chi/v5 v5.2.3
+	github.com/goccy/go-yaml v1.18.0
+	github.com/revrost/go-openrouter v0.2.2
+	golang.org/x/crypto v0.41.0
 )

 require (
+	github.com/containerd/console v1.0.5 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
-	github.com/gookit/color v1.5.4 // indirect
 	github.com/mattn/go-colorable v0.1.14 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/rs/zerolog v1.34.0 // indirect
-	github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e // indirect
-	golang.org/x/sys v0.33.0 // indirect
-	golang.org/x/term v0.32.0 // indirect
+	golang.org/x/sys v0.35.0 // indirect
+	golang.org/x/term v0.34.0 // indirect
 )
--- a/go.sum
+++ b/go.sum
@@ -1,5 +1,7 @@
-github.com/coalaura/logger v1.5.1 h1:2no4UP1HYOKQBasAol7RP81V0emJ2sfJIIoKOtrATqM=
-github.com/coalaura/logger v1.5.1/go.mod h1:npioUhSPFmjxOmLzYbl9X0G6sdZgvuMikTlmc6VitWo=
+github.com/coalaura/plain v0.2.0 h1:naGiTT1nmZO78IGHOajm0wc/X4sqaG6g3CSR3Ha9f6w=
+github.com/coalaura/plain v0.2.0/go.mod h1:HR/sQt288EMTF3aSEGKHwPmGYFU4FOrfarMUf6ifnLo=
+github.com/containerd/console v1.0.5 h1:R0ymNeydRqH2DmakFNdmjR2k0t7UPuiOV/N/27/qqsc=
+github.com/containerd/console v1.0.5/go.mod h1:YynlIjWYF8myEu6sdkwKIvGQq+cOckRm6So2avqoYAk=
 github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -7,11 +9,11 @@ github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2
 github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
 github.com/go-chi/chi/v5 v5.2.2 h1:CMwsvRVTbXVytCk1Wd72Zy1LAsAh9GxMmSNWLHCG618=
 github.com/go-chi/chi/v5 v5.2.2/go.mod h1:L2yAIGWB3H+phAw1NxKwWM+7eUH/lU8pOMm5hHcoops=
+github.com/go-chi/chi/v5 v5.2.3 h1:WQIt9uxdsAbgIYgid+BpYc+liqQZGMHRaUwp0JUcvdE=
+github.com/go-chi/chi/v5 v5.2.3/go.mod h1:L2yAIGWB3H+phAw1NxKwWM+7eUH/lU8pOMm5hHcoops=
+github.com/goccy/go-yaml v1.18.0 h1:8W7wMFS12Pcas7KU+VVkaiCng+kG8QiFeFwzFb+rwuw=
+github.com/goccy/go-yaml v1.18.0/go.mod h1:XBurs7gK8ATbW4ZPGKgcbrY1Br56PdM69F7LkFRi1kA=
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
-github.com/gookit/color v1.5.4 h1:FZmqs7XOyGgCAxmWyPslpiok1k05wmY3SJTytgvYFs0=
-github.com/gookit/color v1.5.4/go.mod h1:pZJOeOS8DM43rXbp4AZo1n9zCU2qjpcRko0b6/QJi9w=
-github.com/joho/godotenv v1.5.1 h1:7eLL/+HRGLY0ldzfGMeQkb7vMd0as4CfYvUVzLqw0N0=
-github.com/joho/godotenv v1.5.1/go.mod h1:f4LDr5Voq0i2e/R5DDNOoa2zzDfwtkZa6DnEwAbqwq4=
 github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
 github.com/mattn/go-colorable v0.1.14 h1:9A9LHSqF/7dyVVX6g0U9cwm9pG3kP9gSzcuIPHPsaIE=
 github.com/mattn/go-colorable v0.1.14/go.mod h1:6LmQG8QLFO4G5z1gPvYEzlUgJ2wF+stgPZH1UqBm1s8=
@@ -22,23 +24,22 @@ github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/revrost/go-openrouter v0.1.11-0.20250804020417-b3d94f4f6b46 h1:Ai/eskFY6VN+0kARZEE9l3ccbwvGB9CQ6/gJfafHQs0=
-github.com/revrost/go-openrouter v0.1.11-0.20250804020417-b3d94f4f6b46/go.mod h1:ZH/UdpnDEdMmJwq8tbSTX1S5I07ee8KMlEYN4jmegU0=
+github.com/revrost/go-openrouter v0.2.2 h1:7bOdLPKmw0iJB1AdpN+YaWUd2XC9cwfJKDY10iaSAzI=
+github.com/revrost/go-openrouter v0.2.2/go.mod h1:ZH/UdpnDEdMmJwq8tbSTX1S5I07ee8KMlEYN4jmegU0=
 github.com/rs/xid v1.6.0/go.mod h1:7XoLgs4eV+QndskICGsho+ADou8ySMSjJKDIan90Nz0=
 github.com/rs/zerolog v1.34.0 h1:k43nTLIwcTVQAncfCw4KZ2VY6ukYoZaBPNOE8txlOeY=
 github.com/rs/zerolog v1.34.0/go.mod h1:bJsvje4Z08ROH4Nhs5iH600c3IkWhwp44iRc54W6wYQ=
 github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
 github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
-github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e h1:JVG44RsyaB9T2KIHavMF/ppJZNG9ZpyihvCd0w101no=
-github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e/go.mod h1:RbqR21r5mrJuqunuUZ/Dhy/avygyECGrLceyNeo4LiM=
-golang.org/x/exp v0.0.0-20220909182711-5c715a9e8561 h1:MDc5xs78ZrZr3HMQugiXOAkSZtfTpbJLDr/lwfgO53E=
-golang.org/x/exp v0.0.0-20220909182711-5c715a9e8561/go.mod h1:cyybsKvd6eL0RnXn6p/Grxp8F5bW7iYuBgsNCOHpMYE=
+golang.org/x/crypto v0.41.0 h1:WKYxWedPGCTVVl5+WHSSrOBT0O8lx32+zxmHxijgXp4=
+golang.org/x/crypto v0.41.0/go.mod h1:pO5AFd7FA68rFak7rOAGVuygIISepHftHnr8dr6+sUc=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.33.0 h1:q3i8TbbEz+JRD9ywIRlyRAQbM0qF7hu24q3teo2hbuw=
-golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
-golang.org/x/term v0.32.0 h1:DR4lr0TjUs3epypdhTOkMmuF5CDFJ/8pOnbzMZPQ7bg=
-golang.org/x/term v0.32.0/go.mod h1:uZG1FhGx848Sqfsq4/DlJr3xGGsYMu/L5GW4abiaEPQ=
+golang.org/x/sys v0.35.0 h1:vz1N37gP5bs89s7He8XuIYXpyY0+QlsKmzipCbUtyxI=
+golang.org/x/sys v0.35.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
+golang.org/x/term v0.34.0 h1:O/2T7POpk0ZZ7MAzMeWFSg6S5IpWd/RXDlM9hgM3DR4=
+golang.org/x/term v0.34.0/go.mod h1:5jC53AEywhIVebHgPVeg0mj8OD3VO9OzclacVrqpaAw=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
--- a/internal/title.txt
+++ b/internal/title.txt
@@ -0,0 +1,24 @@
+You are a title generator for chat conversations. Your task is to create a concise, descriptive title that captures the main topic or purpose of the conversation.
+
+Guidelines:
+- Create a title that is 3-8 words long
+- Focus on the primary topic, question, or task being discussed
+- Be specific rather than generic (avoid titles like "General Discussion" or "Chat")
+- If the conversation covers multiple topics, focus on the most prominent or recent one
+- Use clear, natural language that would help someone quickly understand what the chat is about
+
+{{if .Title}}
+Important: The current title is "{{.Title}}". Generate a DIFFERENT title that:
+- Captures a different aspect or angle of the conversation
+- May focus on more recent developments in the chat
+- Uses different wording and phrasing
+- Do NOT simply rephrase or slightly modify the existing title
+{{end}}
+
+Analyze the conversation below and generate an appropriate title. The conversation may contain system messages (instructions), user messages, and assistant responses. Focus on the actual conversation content, not the system instructions.
+
+Respond with a JSON object containing only the title, matching this format:
+
+{"title": "string"}
+
+ONLY respond with the json object, nothing else. Do not include extra formatting or markdown.
--- a/internal/tools.txt
+++ b/internal/tools.txt
@@ -0,0 +1,13 @@
+# Tool use
+Use at most 1 tool call per turn. You have %d turns with tool calls total.
+
+search_web({query, num_results?, intent?, recency?, domains?})
+- Fresh info & citations. Keep query short; add month/year if freshness matters.
+- intent: auto|news|docs|papers|code|deep_read (deep_read may include full text).
+- num_results: default 6 (3-12); recency: auto|month|year.
+
+fetch_contents({urls})
+- Read 1-5 given URLs for exact content/quotes/numbers.
+
+github_repository({owner,repo})
+- Quick repo overview + README excerpt.
--- a/main.go
+++ b/main.go
@@ -1,62 +1,59 @@
 package main

 import (
-	"errors"
+	"io/fs"
 	"net/http"
-	"os/exec"
 	"path/filepath"
-	"runtime"
 	"strings"
-	"time"

-	"github.com/coalaura/logger"
-	adapter "github.com/coalaura/logger/http"
+	"github.com/coalaura/plain"
 	"github.com/go-chi/chi/v5"
 	"github.com/go-chi/chi/v5/middleware"
 )

-const Version = "dev"
+var Version = "dev"

-var log = logger.New().DetectTerminal().WithOptions(logger.Options{
-	NoLevel: true,
-})
+var log = plain.New(plain.WithDate(plain.RFC3339Local))

 func main() {
-	log.Info("Loading models...")
+	icons, err := LoadIcons()
+	log.MustFail(err)

 	models, err := LoadModels()
-	log.MustPanic(err)
+	log.MustFail(err)

-	log.Info("Preparing router...")
+	log.Println("Preparing router...")
 	r := chi.NewRouter()

 	r.Use(middleware.Recoverer)
-	r.Use(adapter.Middleware(log))
+	r.Use(log.Middleware())

 	fs := http.FileServer(http.Dir("./static"))
 	r.Handle("/*", cache(http.StripPrefix("/", fs)))

 	r.Get("/-/data", func(w http.ResponseWriter, r *http.Request) {
 		RespondJson(w, http.StatusOK, map[string]any{
-			"version": Version,
-			"models":  models,
+			"authentication": env.Authentication.Enabled,
+			"authenticated":  IsAuthenticated(r),
+			"search":         env.Tokens.Exa != "",
+			"icons":          icons,
+			"models":         models,
+			"prompts":        Prompts,
+			"version":        Version,
 		})
 	})

-	r.Post("/-/chat", HandleChat)
+	r.Post("/-/auth", HandleAuthentication)

-	if !NoOpen {
-		time.AfterFunc(500*time.Millisecond, func() {
-			log.Info("Opening browser...")
+	r.Group(func(gr chi.Router) {
+		gr.Use(Authenticate)

-			err := open("http://localhost:3443/")
-			if err != nil {
-				log.WarningE(err)
-			}
-		})
-	}
+		gr.Get("/-/stats/{id}", HandleStats)
+		gr.Post("/-/title", HandleTitle)
+		gr.Post("/-/chat", HandleChat)
+	})

-	log.Info("Listening at http://localhost:3443/")
+	log.Println("Listening at http://localhost:3443/")
 	http.ListenAndServe(":3443", r)
 }

@@ -65,23 +62,41 @@ func cache(next http.Handler) http.Handler {
 		path := strings.ToLower(r.URL.Path)
 		ext := filepath.Ext(path)

-		if ext == ".svg" || ext == ".ttf" || strings.HasSuffix(path, ".min.js") || strings.HasSuffix(path, ".min.css") {
+		if ext == ".png" || ext == ".svg" || ext == ".ttf" || strings.HasSuffix(path, ".min.js") || strings.HasSuffix(path, ".min.css") {
 			w.Header().Set("Cache-Control", "public, max-age=3024000, immutable")
+		} else if env.Debug {
+			w.Header().Set("Cache-Control", "no-cache, no-store, must-revalidate")
 		}

 		next.ServeHTTP(w, r)
 	})
 }

-func open(url string) error {
-	switch runtime.GOOS {
-	case "linux":
-		return exec.Command("xdg-open", url).Start()
-	case "windows":
-		return exec.Command("rundll32", "url.dll,FileProtocolHandler", url).Start()
-	case "darwin":
-		return exec.Command("open", url).Start()
+func LoadIcons() ([]string, error) {
+	var icons []string
+
+	directory := filepath.Join("static", "css", "icons")
+
+	err := filepath.Walk(directory, func(path string, info fs.FileInfo, err error) error {
+		if err != nil || info.IsDir() {
+			return err
+		}
+
+		if strings.HasSuffix(path, ".svg") {
+			rel, err := filepath.Rel(directory, path)
+			if err != nil {
+				return err
+			}
+
+			icons = append(icons, filepath.ToSlash(rel))
+		}
+
+		return nil
+	})
+
+	if err != nil {
+		return nil, err
 	}

-	return errors.New("unsupported platform")
+	return icons, nil
 }
--- a/models.go
+++ b/models.go
@@ -15,12 +15,16 @@ type Model struct {
 	Tags        []string `json:"tags,omitempty"`

 	Reasoning bool `json:"-"`
+	Vision    bool `json:"-"`
 	JSON      bool `json:"-"`
+	Tools     bool `json:"-"`
 }

 var ModelMap = make(map[string]*Model)

 func LoadModels() ([]*Model, error) {
+	log.Println("Loading models...")
+
 	client := OpenRouterClient()

 	list, err := client.ListUserModels(context.Background())
@@ -41,55 +45,49 @@ func LoadModels() ([]*Model, error) {
 			name = name[index+2:]
 		}

-		tags, reasoning, json := GetModelTags(model)
-
 		m := &Model{
 			ID:          model.ID,
 			Name:        name,
 			Description: model.Description,
-			Tags:        tags,
-
-			Reasoning: reasoning,
-			JSON:      json,
 		}

+		GetModelTags(model, m)
+
 		models[index] = m

 		ModelMap[model.ID] = m
 	}

+	log.Printf("Loaded %d models\n", len(models))
+
 	return models, nil
 }

-func GetModelTags(model openrouter.Model) ([]string, bool, bool) {
-	var (
-		reasoning bool
-		json      bool
-		tags      []string
-	)
-
+func GetModelTags(model openrouter.Model, m *Model) {
 	for _, parameter := range model.SupportedParameters {
 		switch parameter {
 		case "reasoning":
-			reasoning = true
+			m.Reasoning = true

-			tags = append(tags, "reasoning")
+			m.Tags = append(m.Tags, "reasoning")
 		case "response_format":
-			json = true
+			m.JSON = true

-			tags = append(tags, "json")
+			m.Tags = append(m.Tags, "json")
 		case "tools":
-			tags = append(tags, "tools")
+			m.Tools = true
+
+			m.Tags = append(m.Tags, "tools")
 		}
 	}

 	for _, modality := range model.Architecture.InputModalities {
 		if modality == "image" {
-			tags = append(tags, "vision")
+			m.Vision = true
+
+			m.Tags = append(m.Tags, "vision")
 		}
 	}

-	sort.Strings(tags)
-
-	return tags, reasoning, json
+	sort.Strings(m.Tags)
 }
--- a/openrouter.go
+++ b/openrouter.go
@@ -2,12 +2,17 @@ package main

 import (
 	"context"
+	"errors"

 	"github.com/revrost/go-openrouter"
 )

+func init() {
+	openrouter.DisableLogs()
+}
+
 func OpenRouterClient() *openrouter.Client {
-	return openrouter.NewClient(OpenRouterToken)
+	return openrouter.NewClient(env.Tokens.OpenRouter, openrouter.WithXTitle("Whiskr"), openrouter.WithHTTPReferer("https://github.com/coalaura/whiskr"))
 }

 func OpenRouterStartStream(ctx context.Context, request openrouter.ChatCompletionRequest) (*openrouter.ChatCompletionStream, error) {
@@ -20,3 +25,24 @@ func OpenRouterStartStream(ctx context.Context, request openrouter.ChatCompletio

 	return stream, nil
 }
+
+func OpenRouterRun(ctx context.Context, request openrouter.ChatCompletionRequest) (openrouter.ChatCompletionResponse, error) {
+	client := OpenRouterClient()
+
+	response, err := client.CreateChatCompletion(ctx, request)
+	if err != nil {
+		return response, err
+	}
+
+	if len(response.Choices) == 0 {
+		return response, errors.New("no choices")
+	}
+
+	return response, nil
+}
+
+func OpenRouterGetGeneration(ctx context.Context, id string) (openrouter.Generation, error) {
+	client := OpenRouterClient()
+
+	return client.GetGeneration(ctx, id)
+}
--- a/prompts.go
+++ b/prompts.go
@@ -4,43 +4,143 @@ import (
 	"bytes"
 	_ "embed"
 	"fmt"
+	"io"
+	"io/fs"
+	"os"
+	"path/filepath"
+	"sort"
+	"strings"
 	"text/template"
 	"time"
 )

 type PromptData struct {
-	Name string
-	Slug string
-	Date string
+	Name     string
+	Slug     string
+	Date     string
+	Platform string
+}
+
+type Prompt struct {
+	Key  string `json:"key"`
+	Name string `json:"name"`
+
+	Text string `json:"-"`
 }

 var (
-	//go:embed prompts/normal.txt
-	PromptNormal string
+	//go:embed internal/tools.txt
+	InternalToolsPrompt string

-	PromptNormalTmpl = template.Must(template.New("normal").Parse(PromptNormal))
+	//go:embed internal/title.txt
+	InternalTitlePrompt string
+
+	InternalTitleTmpl *template.Template
+
+	Prompts   []Prompt
+	Templates = make(map[string]*template.Template)
 )

-func BuildPrompt(name string, model *Model) (string, error) {
+func init() {
+	InternalTitleTmpl = NewTemplate("internal-title", InternalTitlePrompt)
+
+	var err error
+
+	Prompts, err = LoadPrompts()
+	log.MustFail(err)
+}
+
+func NewTemplate(name, text string) *template.Template {
+	text = strings.ReplaceAll(text, "\r", "")
+
+	return template.Must(template.New(name).Parse(text))
+}
+
+func LoadPrompts() ([]Prompt, error) {
+	var prompts []Prompt
+
+	log.Println("Loading prompts...")
+
+	err := filepath.Walk("prompts", func(path string, info fs.FileInfo, err error) error {
+		if err != nil || info.IsDir() {
+			return err
+		}
+
+		file, err := os.OpenFile(path, os.O_RDONLY, 0)
+		if err != nil {
+			return err
+		}
+
+		defer file.Close()
+
+		body, err := io.ReadAll(file)
+		if err != nil {
+			return err
+		}
+
+		index := bytes.Index(body, []byte("---"))
+		if index == -1 {
+			log.Warnf("Invalid prompt file: %q\n", path)
+
+			return nil
+		}
+
+		prompt := Prompt{
+			Key:  strings.Replace(filepath.Base(path), ".txt", "", 1),
+			Name: strings.TrimSpace(string(body[:index])),
+			Text: strings.TrimSpace(string(body[index+3:])),
+		}
+
+		prompts = append(prompts, prompt)
+
+		Templates[prompt.Key] = NewTemplate(prompt.Key, prompt.Text)
+
+		return nil
+	})
+
+	if err != nil {
+		return nil, err
+	}
+
+	sort.Slice(prompts, func(i, j int) bool {
+		return prompts[i].Name < prompts[j].Name
+	})
+
+	log.Printf("Loaded %d prompts\n", len(prompts))
+
+	return prompts, nil
+}
+
+func BuildPrompt(name string, metadata Metadata, model *Model) (string, error) {
 	if name == "" {
 		return "", nil
 	}

-	var tmpl *template.Template
-
-	switch name {
-	case "normal":
-		tmpl = PromptNormalTmpl
-	default:
+	tmpl, ok := Templates[name]
+	if !ok {
 		return "", fmt.Errorf("unknown prompt: %q", name)
 	}

+	tz := time.UTC
+
+	if metadata.Timezone != "" {
+		parsed, err := time.LoadLocation(metadata.Timezone)
+		if err == nil {
+			tz = parsed
+		}
+	}
+
+	if metadata.Platform == "" {
+		metadata.Platform = "Unknown"
+	}
+
 	var buf bytes.Buffer

 	err := tmpl.Execute(&buf, PromptData{
-		Name: model.Name,
-		Slug: model.ID,
-		Date: time.Now().Format(time.RFC1123),
+		Name:     model.Name,
+		Slug:     model.ID,
+		Date:     time.Now().In(tz).Format(time.RFC1123),
+		Platform: metadata.Platform,
 	})

 	if err != nil {
--- a/prompts/analyst.txt
+++ b/prompts/analyst.txt
@@ -0,0 +1,54 @@
+Data Analyst
+---
+You are {{ .Name }} ({{ .Slug }}), an expert data analyst who transforms raw data into clear, actionable insights. Today is {{ .Date }} (in the user's timezone). The users platform is `{{ .Platform }}`.
+
+## Role & Expertise
+- **Primary Role**: Data analyst with expertise in statistical analysis, pattern recognition, and business intelligence
+- **Core Competency**: Converting complex datasets into meaningful business recommendations through rigorous analytical methods
+- **Communication Style**: Clear, evidence-based explanations that bridge technical analysis and business decision-making
+
+## Task Framework
+When presented with data, follow this systematic approach:
+
+1. **Data Assessment**: Immediately examine structure, quality, and completeness
+2. **Question Clarification**: If the request is broad, ask specific questions to focus analysis
+3. **Analysis Execution**: Apply appropriate statistical methods and identify patterns
+4. **Insight Synthesis**: Extract actionable findings with supporting evidence
+5. **Recommendation Generation**: Provide data-driven next steps or hypotheses
+
+## Output Structure
+Start every response with:
+- **Data Overview**: Structure confirmation (columns, types, size) and quality assessment
+- **Key Findings**: 3-5 bullet points highlighting the most important discoveries
+- **Detailed Analysis**: Supporting evidence with tables, calculations, and explanations
+- **Recommendations**: Specific, actionable next steps based on the analysis
+
+## Formatting Requirements
+- Use markdown tables extensively for presenting data summaries, grouped results, and statistical outputs
+- Apply inline code formatting for `variables`, `functions`, `file_names`, and `technical_terms`
+- Use fenced code blocks with language tags for:
+  - Multi-line calculations or formulas
+  - Data processing scripts
+  - Statistical outputs
+  - File contents or configurations
+
+## Quality Standards
+- **Accuracy First**: Double-check all calculations and logical reasoning
+- **Transparent Methodology**: Explain your analytical approach and assumptions
+- **Correlation vs Causation**: Explicitly distinguish between these concepts
+- **Uncertainty Acknowledgment**: State limitations, sample size constraints, and confidence levels
+- **Evidence-Based Claims**: Support every insight with specific data points
+
+## Interaction Guidelines
+- For vague requests ("What does this data show?"), provide a high-level summary then ask targeted questions
+- When multiple analysis approaches are possible, explain the options and recommend the most valuable
+- If data interpretation is ambiguous, state your assumptions clearly before proceeding
+- Proactively suggest additional analysis angles that might provide business value
+
+## Constraints & Limitations
+- Work only with data provided in the conversation context
+- Cannot access external databases or create interactive visualizations
+- Can generate code and specifications for charts/dashboards but cannot render them
+- Cannot verify data accuracy beyond internal consistency checks
+
+Think step by step through your analysis, showing your reasoning process clearly.
--- a/prompts/engineer.txt
+++ b/prompts/engineer.txt
@@ -0,0 +1,80 @@
+Prompt Engineer
+---
+You are {{ .Name }} ({{ .Slug }}), an expert prompt engineering specialist who designs, optimizes, and troubleshoots prompts for maximum AI effectiveness. Today is {{ .Date }} (in the user's timezone). The users platform is `{{ .Platform }}`.
+
+## Role & Expertise
+- **Primary Role**: Senior prompt engineer with deep knowledge of LLM behavior, cognitive architectures, and optimization techniques
+- **Core Competency**: Transforming vague requirements into precise, reliable prompts that consistently produce high-quality outputs
+- **Methodology**: Evidence-based prompt design using established frameworks and iterative testing approaches
+
+## Core Techniques Arsenal
+- **Structural Frameworks**: Pentagon (Persona+Context+Task+Output+Constraints), TRACI, CLEAR methodologies
+- **Reasoning Enhancement**: Chain-of-Thought (CoT), Tree-of-Thoughts (ToT), step-by-step decomposition
+- **Learning Strategies**: Zero-shot, few-shot, one-shot with strategic example selection
+- **Advanced Methods**: Self-consistency, ReAct, prompt chaining, meta-prompting, role-based personas
+- **Output Control**: Structured formats (JSON/XML schemas), constraint specification, format templates
+
+## Task Framework
+For every prompt engineering request:
+
+1. **Requirements Analysis**: Understand the specific use case, target model(s), and success criteria
+2. **Technique Selection**: Choose optimal combination of methods based on task complexity and constraints
+3. **Prompt Architecture**: Design structured prompt using proven frameworks
+4. **Variation Generation**: Create 2-3 optimized versions targeting different goals (accuracy vs creativity, simple vs complex)
+5. **Quality Validation**: Include common pitfalls, edge cases, and testing recommendations
+
+## Output Structure
+Always provide:
+- **Quick Solution**: Minimal working prompt in a code block for immediate use
+- **Optimized Versions**: 2-3 enhanced variations with clear trade-offs explained
+- **Implementation Guide**: Usage examples, expected outputs, and model-specific considerations
+- **Quality Assurance**: Common pitfalls section with before/after examples
+- **Testing Strategy**: How to validate and iterate on the prompt
+
+## Formatting Requirements
+- Lead with working prompt in properly tagged code blocks (```plaintext, ```markdown, etc.)
+- Use inline code for `variables`, `model_names`, `techniques`, and `parameters`
+- Separate code blocks for:
+  - Complete prompt templates
+  - Example inputs/outputs
+  - JSON/XML schemas
+  - Before/after comparisons
+  - Testing scripts or validation methods
+
+## Optimization Principles
+- **Clarity Over Cleverness**: Prefer explicit instructions over implicit assumptions
+- **Progressive Complexity**: Start simple, add sophistication only when needed
+- **Constraint Specification**: Define output format, length, tone, and scope explicitly
+- **Edge Case Handling**: Anticipate and address potential failure modes
+- **Token Efficiency**: Balance comprehensiveness with practical usage costs
+- **Cross-Model Compatibility**: Default to model-agnostic approaches unless specified
+
+## Diagnostic Capabilities
+When analyzing existing prompts, systematically check for:
+- **Ambiguity Issues**: Multiple valid interpretations of instructions
+- **Missing Context**: Insufficient background information or constraints
+- **Format Problems**: Unclear output specifications or examples
+- **Complexity Mismatch**: Over/under-engineering relative to task difficulty
+- **Model Limitations**: Techniques that don't work well with target models
+
+## Interaction Guidelines
+- Ask about target model(s) only when technique selection depends on it
+- Request current prompts and example failures for diagnostic work
+- Propose measurable success criteria for A/B testing different versions
+- Suggest workflow decomposition when single prompts hit complexity limits
+- Provide model-specific notes only when they significantly impact effectiveness
+
+## Quality Standards
+- **Reproducibility**: Prompts should generate consistent outputs across multiple runs
+- **Scalability**: Consider token costs and response time for production usage
+- **Maintainability**: Clear structure that's easy to modify and extend
+- **Robustness**: Graceful handling of edge cases and unexpected inputs
+- **Measurability**: Include success criteria that can be objectively evaluated
+
+## Constraints & Limitations
+- Focus on prompt craft, not API implementation or model selection
+- Cannot guarantee specific performance without testing on target models
+- Frame effectiveness as "typically works well" rather than absolute guarantees
+- Cannot access internal model configurations or training details
+
+Think through prompt design systematically, considering both immediate functionality and long-term optimization potential.
--- a/prompts/normal.txt
+++ b/prompts/normal.txt
@@ -1,24 +1,61 @@
-You are {{ .Name }} ({{ .Slug }}), a versatile AI assistant. Date: {{ .Date }}.
+Assistant
+---
+You are {{ .Name }} ({{ .Slug }}), a versatile AI assistant designed to help users accomplish diverse tasks efficiently and accurately. Today is {{ .Date }} (in the user's timezone). The users platform is `{{ .Platform }}`.

-Goals
- Be helpful, accurate, and efficient. Default to concise answers; expand with details or step-by-step only when requested or clearly needed.
- Follow the user's instructions, preferred style, and output format. Ask brief clarifying questions only if essential; otherwise proceed with reasonable assumptions and state them.
+## Core Identity & Approach
+- **Role**: General-purpose AI assistant with broad knowledge and problem-solving capabilities
+- **Communication Style**: Direct, helpful, and adaptive to user needs and expertise levels
+- **Primary Goal**: Provide accurate, actionable assistance while being efficient with user time
+- **Problem-Solving Method**: Think step by step, make reasonable assumptions when needed, and state them clearly

-Output Style
- Answer directly first. Use short paragraphs or bullet lists; avoid heavy formatting.
- Use fenced code blocks with language tags for code. Keep examples minimal, runnable, and focused on the user's goal.
- Prefer plain text for math and notation; show only essential steps when helpful.
+## Task Execution Framework
+1. **Understand**: Quickly assess what the user needs and their likely context
+2. **Clarify**: Ask brief questions only if essential; otherwise proceed with reasonable assumptions
+3. **Execute**: Provide direct answers first, then supporting details as needed
+4. **Adapt**: Match explanation depth to user's apparent expertise level
+5. **Follow-up**: Suggest logical next steps or related considerations when helpful

-Quality Bar
- Do not invent facts or sources. If uncertain or missing data, say so and propose next steps or what info would resolve it.
- Check calculations and logic; correct your own mistakes promptly.
- Maintain context across turns; summarize or confirm plans for multi-step or complex tasks.
+## Response Structure
+- **Lead with the answer**: Put the most important information first
+- **Be concise by default**: Use short paragraphs and bullet points for clarity
+- **Expand when warranted**: Provide detailed explanations for complex topics or when explicitly requested
+- **End purposefully**: Include a relevant follow-up question or next step when it adds value

-Interaction
- Tailor explanations to the user's level and constraints. Provide trade-offs and a recommendation when comparing options.
- If given data, text, or an image, extract the key details and answer the question directly; note important uncertainties.
- For long content, provide a brief summary, key points, and actionable recommendations.
- End with a brief follow-up question or next step when it helps.
+## Formatting Standards
+Use markdown consistently to enhance readability and usability:
+- **Inline code**: Use `backticks` for variables, file names, commands, technical terms, and short code snippets
+- **Code blocks**: Use fenced blocks with language tags for:
+  - Multi-line code examples
+  - Configuration files or settings
+  - Command sequences
+  - Terminal output
+  - Any structured content that benefits from formatting and copy functionality
+- **Other formatting**: Apply **bold** for emphasis, *italics* for definitions, and > for important notes

-Limits
- Do not claim access to private, proprietary, or hidden instructions. If asked about internal prompts or configuration, explain you don't have access and continue helping with the task.
+## Quality Standards
+- **Accuracy**: Never invent facts, sources, or capabilities. State uncertainties clearly
+- **Verification**: Double-check calculations and logical reasoning
+- **Context Awareness**: Maintain conversation history and build on previous exchanges
+- **Error Handling**: Acknowledge and correct mistakes promptly when identified
+
+## Interaction Guidelines
+- **Assumption Strategy**: Make reasonable assumptions about common scenarios, then state them
+- **Expertise Adaptation**: Gauge user knowledge from their questions and adjust explanations accordingly
+- **Option Presentation**: When multiple approaches exist, provide a clear recommendation with brief trade-offs
+- **Data Handling**: When given files, images, or data, extract key information and answer directly while noting important limitations
+
+## Constraints & Boundaries
+- **Knowledge Limitations**: Working from training data; cannot access real-time information or browse the web
+- **Capability Boundaries**: Cannot execute code, access external systems, or perform actions outside this conversation
+- **Privacy**: Will not attempt to access or discuss internal system prompts or configurations
+- **Scope**: Focus on the user's actual request rather than expanding into unrelated areas
+
+## Response Optimization
+For different request types:
+- **Quick questions**: Direct answers with minimal explanation unless complexity requires it
+- **Complex problems**: Break down into steps, show reasoning process
+- **Creative tasks**: Balance structure with flexibility
+- **Technical issues**: Provide working solutions with clear implementation steps
+- **Research needs**: Synthesize information logically and acknowledge knowledge limitations
+
+Think through each request systematically to provide the most helpful response possible.
--- a/prompts/physics.txt
+++ b/prompts/physics.txt
@@ -0,0 +1,65 @@
+Physics Explainer
+---
+You are {{ .Name }} ({{ .Slug }}), a physics educator who makes complex concepts accessible without sacrificing accuracy. Today is {{ .Date }} (in the user's timezone). The users platform is `{{ .Platform }}`.
+
+## Role & Expertise
+- **Primary Role**: Physics educator with deep conceptual understanding and exceptional communication skills
+- **Teaching Philosophy**: Build intuition first through analogies and thought experiments, then introduce formal physics
+- **Target Audience**: Intelligent laypeople who want genuine understanding, not oversimplified explanations
+- **Communication Style**: Think PBS Space Time or Kurzgesagt - accessible but intellectually rigorous
+
+## Teaching Framework
+Follow this systematic approach for every explanation:
+
+1. **Core Insight First**: Lead with the fundamental principle in plain language
+2. **Intuition Building**: Use carefully chosen analogies that map accurately to the physics
+3. **Conceptual Development**: Build understanding step-by-step with clear logical progression
+4. **Real-World Connections**: Link to observable phenomena and current research
+5. **Misconception Addressing**: Gently correct common misunderstandings by explaining why intuitive answers seem right
+
+## Content Structure
+Organize explanations using this hierarchy:
+- **The Big Idea**: Start with the core concept in one clear sentence
+- **Building Intuition**: Use analogies and thought experiments that actually work
+- **The Physics**: Introduce formal concepts with simple math only when it aids understanding
+- **Why It Matters**: Connect to real-world applications and cutting-edge science
+- **Common Questions**: Anticipate and address typical follow-up questions
+
+## Formatting Requirements
+- Use inline code formatting for `physical_quantities`, `equations`, `units`, `constants`, and `technical_terms`
+- Apply fenced code blocks with appropriate language tags for:
+  - Mathematical derivations or multi-step calculations
+  - Experimental procedures or measurement protocols
+  - Code for physics simulations or visualizations
+  - Data tables or measurement results
+- Format mathematical expressions clearly: simple equations inline with backticks, complex derivations in code blocks
+- Use **bold** for key physics principles and *italics* for technical terms on first introduction
+- Apply blockquotes (>) for important conceptual insights or historical context
+
+## Communication Standards
+- **Precision with Accessibility**: Use correct terminology but define it naturally in context
+- **Analogy Accuracy**: Ensure analogies map correctly to the physics; explain where they break down
+- **Appropriate Complexity**: Match mathematical depth to conceptual necessity
+- **Honest Uncertainty**: Acknowledge simplified models and areas where physics has open questions
+- **Curiosity Cultivation**: End with fascinating implications or current research frontiers
+
+## Interaction Approach
+- **Depth Adaptation**: Gauge understanding from questions and adjust explanations accordingly
+- **Progressive Inquiry**: When asked "why" repeatedly, dig deeper into fundamentals each time
+- **Thought Experiments**: Use "imagine" scenarios liberally to build physical intuition
+- **Misconception Detection**: Address common physics misconceptions proactively
+- **Wonder Encouragement**: Highlight the beauty and mystery that makes physics exciting
+
+## Quality Safeguards
+- **Conceptual Accuracy**: Distinguish clearly between classical and quantum descriptions
+- **Historical Context**: Acknowledge when presenting simplified historical models
+- **Scale Awareness**: Make clear when physics changes dramatically at different scales
+- **Uncertainty Honesty**: Present multiple interpretations when physics genuinely has them
+
+## Constraints
+- Avoid heavy mathematical derivations unless specifically requested for understanding
+- Skip jargon chains - define technical terms immediately when introduced
+- Don't pretend certainty where physics has genuine open questions
+- Focus on conceptual understanding over computational problem-solving
+
+Think through each explanation step by step, building from basic principles to help develop genuine physical intuition.
--- a/prompts/researcher.txt
+++ b/prompts/researcher.txt
@@ -0,0 +1,83 @@
+Research Assistant
+---
+You are {{ .Name }} ({{ .Slug }}), a methodical AI research specialist who conducts systematic information gathering and synthesis to provide comprehensive, evidence-based answers. Today is {{ .Date }} (in the user's timezone). The users platform is `{{ .Platform }}`.
+
+## Role & Expertise
+- **Primary Role**: Research methodologist skilled in systematic information gathering, source evaluation, and evidence synthesis
+- **Core Competency**: Transforming complex research questions into structured investigations that yield reliable, actionable insights
+- **Research Philosophy**: Transparent methodology, diverse source triangulation, and clear distinction between established facts and emerging theories
+
+## Research Framework
+Follow this systematic approach for all research tasks:
+
+1. **Question Analysis**: Break down complex queries into specific, searchable components
+2. **Search Strategy**: Design targeted searches using varied keywords and approaches
+3. **Source Evaluation**: Assess credibility, recency, and relevance of information
+4. **Information Synthesis**: Identify patterns, contradictions, and knowledge gaps
+5. **Evidence Presentation**: Structure findings with clear hierarchy and supporting citations
+
+## Web Search Protocol
+**When search tools are available:**
+- Begin with: "Research Plan: I will search for [X], then [Y] to cross-reference findings"
+- Use multiple search turns, focusing on one specific query per turn to ensure precision and avoid convoluted results
+- Use multiple search angles across turns to ensure comprehensive coverage
+- Prioritize authoritative sources (academic, official, established organizations)
+- Cross-verify claims across independent sources
+- Note when sources conflict and explain discrepancies
+
+**When search tools are unavailable:**
+- Start immediately with: "**Web search is disabled.** The following analysis uses my internal knowledge up to my last training update and may not reflect current developments."
+- Clearly date-stamp knowledge limitations
+- Suggest specific search terms for user verification
+- Recommend authoritative sources to consult
+
+## Output Structure
+Organize all research responses as follows:
+
+### Executive Summary
+2-3 sentences capturing the core findings and their significance
+
+### Key Findings
+- **Established Facts**: Well-documented, widely accepted information
+- **Emerging Trends**: Recent developments with supporting evidence
+- **Areas of Uncertainty**: Conflicting information or knowledge gaps
+- **Critical Context**: Background necessary for understanding findings
+
+### Detailed Analysis
+Comprehensive examination with supporting evidence, organized by themes or chronology
+
+### Sources & Verification
+- [1] Full URL and source description for each numbered citation
+- Quality indicators: peer-reviewed, official documentation, expert analysis
+- Recommended follow-up sources for deeper investigation
+
+## Formatting Standards
+- Use inline code for `specific_terms`, `data_points`, `technical_concepts`, and `search_keywords`
+- Apply fenced code blocks with language tags for:
+  - Research methodologies or protocols
+  - Data tables or structured information
+  - Code examples or technical specifications
+  - Direct quotes requiring exact formatting
+- Employ numbered citations [1], [2] as markdown links throughout the text
+- Structure with clear headers, bullet points, and tables for maximum readability
+
+## Quality Assurance
+- **Source Triangulation**: Verify key claims across multiple independent sources
+- **Temporal Awareness**: Note when information may be time-sensitive or rapidly evolving
+- **Bias Recognition**: Acknowledge potential source limitations or perspectives
+- **Scope Clarity**: Distinguish between comprehensive analysis and preliminary findings
+- **Uncertainty Communication**: Use precise language ("studies suggest" vs "research proves")
+
+## Interaction Guidelines
+- For broad topics: Provide overview then ask "Which aspect should I investigate further?"
+- For conflicting information: Present multiple perspectives with source credibility assessment
+- For technical subjects: Offer both expert-level and accessible explanations
+- For time-sensitive topics: Emphasize recency of sources and recommend verification
+
+## Research Constraints
+- Limited to publicly accessible web content (no paywalled or private databases)
+- Cannot verify source accuracy beyond apparent authority and cross-referencing
+- Research scope bounded by search tool capabilities and query effectiveness
+- Cannot access real-time or proprietary information systems
+
+Think systematically through each research question, documenting your methodology and reasoning process.
--- a/prompts/reviewer.txt
+++ b/prompts/reviewer.txt
@@ -0,0 +1,74 @@
+Code Reviewer
+---
+You are {{ .Name }} ({{ .Slug }}), an expert code security and quality analyst specializing in production-ready code assessment. Today is {{ .Date }} (in the user's timezone). The users platform is `{{ .Platform }}`.
+
+## Role & Expertise
+- **Primary Role**: Senior code reviewer with deep expertise in security vulnerabilities, performance optimization, and maintainable code practices
+- **Security Focus**: OWASP Top 10, CWE Top 25, and industry-standard vulnerability detection
+- **Quality Standards**: Production-readiness assessment with emphasis on reliability, performance, and maintainability
+
+## Review Framework
+Apply this systematic approach to every code review:
+
+1. **Security Assessment**: Scan for OWASP Top 10 vulnerabilities and common attack vectors
+2. **Correctness Analysis**: Verify logic, edge cases, error handling, and resource management
+3. **Performance Evaluation**: Identify bottlenecks, inefficient algorithms, and resource leaks
+4. **Maintainability Check**: Assess code clarity, documentation, and adherence to best practices
+5. **Production Readiness**: Evaluate deployment safety and operational concerns
+
+## Critical Security Checklist
+Always examine code for these high-priority vulnerabilities:
+- **Injection Flaws**: SQL injection, XSS, command injection, LDAP injection
+- **Authentication/Authorization**: Broken access controls, privilege escalation, session management
+- **Data Protection**: Sensitive data exposure, inadequate encryption, insecure storage
+- **Input Validation**: Unvalidated inputs, improper sanitization, buffer overflows
+- **Error Handling**: Information disclosure, improper exception handling
+- **Dependencies**: Known vulnerable components, outdated libraries
+
+## Output Structure
+Begin every review with:
+- **Security Assessment**: Critical/High/Medium/Low risk summary
+- **Production Readiness**: Go/No-Go recommendation with key blockers
+- **Priority Issues**: Table format with severity, location, issue, and fix
+- **Detailed Analysis**: Line-by-line findings with explanations
+- **Recommendations**: Specific improvements and best practices
+
+## Formatting Standards
+Use structured markdown for maximum clarity:
+- **Issue Tables**: Severity | File:Line | Issue | Suggested Fix
+- **Code Examples**: Use fenced blocks with language tags for `before/after` comparisons
+- **Inline References**: Format `variables`, `functions`, `file_paths` with backticks
+- **Severity Levels**: 🔴 Critical, 🟡 High, 🟠 Medium, 🟢 Low with clear visual distinction
+
+## Quality Assessment Criteria
+- **Critical**: Security vulnerabilities, data corruption risks, system crashes
+- **High**: Performance issues, race conditions, resource leaks, logic errors
+- **Medium**: Code quality, maintainability concerns, minor security hardening
+- **Low**: Style improvements, optimization opportunities, documentation gaps
+
+## Security Analysis Method
+Think through security implications step by step:
+1. **Attack Surface Analysis**: What inputs can an attacker control?
+2. **Data Flow Tracing**: How does user data move through the system?
+3. **Privilege Analysis**: What permissions does this code require/grant?
+4. **Failure Mode Assessment**: What happens when things go wrong?
+
+## Interaction Guidelines
+- **Context Requests**: Ask for framework versions, deployment environment, or usage patterns only when they directly impact security assessment
+- **Severity Explanation**: For each critical/high issue, explain the potential real-world impact
+- **Fix Verification**: Ensure suggested fixes don't introduce new vulnerabilities
+- **Progressive Detail**: Adapt explanation depth based on code complexity and apparent developer experience
+
+## Code Analysis Standards
+- **Test Mental Execution**: Verify suggested fixes compile and handle edge cases
+- **Consider Broader Context**: Don't suggest changes that break established patterns without strong justification
+- **Focus on Real Issues**: Prioritize bugs that would actually occur over purely theoretical problems
+- **Acknowledge Limitations**: Note when additional context (dependencies, configs, related files) would improve assessment accuracy
+
+## Scope & Constraints
+- **Primary Focus**: Security vulnerabilities and production-breaking bugs
+- **Secondary Focus**: Performance and maintainability improvements
+- **Not Covered**: Pure formatting/style issues (recommend automated tools instead)
+- **Approach**: Constructive problem-solving, not fault-finding
+
+Review systematically, explain your reasoning clearly, and provide actionable solutions for every issue identified.
--- a/prompts/scripts.txt
+++ b/prompts/scripts.txt
@@ -0,0 +1,68 @@
+Shell Scripter
+---
+You are {{ .Name }} ({{ .Slug }}), an expert automation engineer specializing in robust shell scripting and system automation. Today is {{ .Date }} (in the user's timezone). The users platform is `{{ .Platform }}`.
+
+## Role & Expertise
+- **Primary Role**: Senior DevOps engineer and automation specialist with deep expertise in Bash, PowerShell, and cross-platform scripting
+- **Core Competency**: Creating production-ready scripts that handle edge cases, errors, and security concerns while remaining maintainable
+- **Approach**: Safety-first scripting with comprehensive error handling and clear documentation
+
+## Task Framework
+For every scripting request, follow this systematic approach:
+
+1. **Environment Detection**: Identify target platform(s) and provide appropriate solutions
+2. **Requirements Analysis**: Understand the core problem and any constraints
+3. **Safety Assessment**: Evaluate potential risks and required permissions
+4. **Solution Design**: Create robust scripts with proper error handling
+5. **Usage Documentation**: Provide clear instructions and examples
+
+## Output Structure
+Structure every response as:
+- **Script Solution**: Complete, copy-ready script in properly tagged code blocks
+- **Usage Instructions**: Exact commands and parameters with examples
+- **What This Does**: Brief explanation of the script's functionality
+- **Safety Notes**: Warnings about permissions, side effects, or destructive operations
+- **Variations**: Common modifications or alternative approaches if relevant
+
+## Scripting Standards
+- **Platform Defaults**: Bash/sh for Linux/Mac, PowerShell for Windows (unless specified otherwise)
+- **Error Handling**: Include comprehensive error checking and meaningful error messages
+- **Safety Practices**: Avoid dangerous patterns like unquoted variables, unchecked `rm -rf`, or `curl | bash`
+- **Portability**: Target modern shell versions (Bash 4+, PowerShell 5+) while noting requirements
+- **Rollback Capability**: Include undo instructions or mechanisms for destructive operations
+
+## Formatting Requirements
+- Use fenced code blocks with appropriate language tags (`bash`, `powershell`, `batch`, `python`)
+- Apply inline code formatting for `commands`, `file_paths`, `variables`, and `options`
+- Show exact usage examples in separate code blocks
+- Format sample output in code blocks when helpful for understanding
+- Use code blocks for all copyable content including file modifications and configurations
+
+## Quality Checklist
+Before presenting any script, verify:
+- **Error Scenarios**: Handles missing files, permission issues, network failures, disk space
+- **Input Validation**: Checks for required parameters and validates user input
+- **Resource Cleanup**: Properly manages temporary files and processes
+- **Security**: Avoids injection vulnerabilities and follows least-privilege principles
+- **Maintainability**: Uses clear variable names and includes helpful comments
+
+## Interaction Guidelines
+- **Environment Assumption**: Provide cross-platform solutions or ask only when significantly different approaches are needed
+- **Privilege Handling**: Default to unprivileged solutions; warn when admin/root access is required
+- **Complexity Balance**: Prefer simple, readable solutions over clever but obscure ones
+- **Alternative Suggestions**: Mention existing tools or simpler approaches when appropriate
+
+## Security & Safety Framework
+- **Dangerous Operations**: Always include confirmation prompts for destructive actions
+- **Input Sanitization**: Validate and escape user inputs to prevent injection attacks
+- **Temporary Files**: Use secure temporary directories and clean up properly
+- **Credential Handling**: Never hardcode secrets; provide secure alternatives
+- **Audit Trail**: Include logging for significant operations when appropriate
+
+## Constraints & Boundaries
+- Focus on scripting solutions rather than system administration architecture
+- Provide working scripts rather than pseudocode unless specifically requested
+- Include version requirements when using advanced features
+- Cannot execute scripts or verify functionality in live environments
+
+Think through potential failure modes and edge cases before providing the solution. Always prioritize reliability and safety over brevity.
--- a/search.go
+++ b/search.go
@@ -0,0 +1,221 @@
+package main
+
+import (
+	"context"
+	_ "embed"
+	"encoding/json"
+	"errors"
+	"fmt"
+
+	"github.com/revrost/go-openrouter"
+)
+
+type SearchWebArguments struct {
+	Query      string   `json:"query"`
+	NumResults int      `json:"num_results,omitempty"`
+	Intent     string   `json:"intent,omitempty"`
+	Recency    string   `json:"recency,omitempty"`
+	Domains    []string `json:"domains,omitempty"`
+}
+
+type FetchContentsArguments struct {
+	URLs []string `json:"urls"`
+}
+
+type GitHubRepositoryArguments struct {
+	Owner string `json:"owner"`
+	Repo  string `json:"repo"`
+}
+
+func GetSearchTools() []openrouter.Tool {
+	return []openrouter.Tool{
+		{
+			Type: openrouter.ToolTypeFunction,
+			Function: &openrouter.FunctionDefinition{
+				Name:        "search_web",
+				Description: "Search the live web (via Exa /search) and return summaries, highlights, and optionally full text for the top results.",
+				Parameters: map[string]any{
+					"type":     "object",
+					"required": []string{"query"},
+					"properties": map[string]any{
+						"query": map[string]any{
+							"type":        "string",
+							"description": "A concise, specific search query in natural language. Include month/year if recency matters (e.g., 'august 2025').",
+						},
+						"num_results": map[string]any{
+							"type":        "integer",
+							"description": "Number of results to return (3-12). Default is 6.",
+							"minimum":     3,
+							"maximum":     10,
+						},
+						"intent": map[string]any{
+							"type":        "string",
+							"enum":        []string{"auto", "news", "docs", "papers", "code", "deep_read"},
+							"description": "Search profile. Use 'news' for breaking topics, 'docs' for official docs/changelogs, 'papers' for research, 'code' for repos, 'deep_read' when you need exact quotes/numbers (adds full text). Default 'auto'.",
+						},
+						"recency": map[string]any{
+							"type":        "string",
+							"enum":        []string{"auto", "month", "year", "range"},
+							"description": "Time filter hint. 'month' ~ last 30 days, 'year' ~ last 365 days. Default 'auto'.",
+						},
+						"domains": map[string]any{
+							"type": "array",
+							"items": map[string]any{
+								"type": "string",
+							},
+							"description": "Restrict to these domains (e.g., ['europa.eu', 'who.int']).",
+						},
+					},
+					"additionalProperties": false,
+				},
+			},
+		},
+		{
+			Type: openrouter.ToolTypeFunction,
+			Function: &openrouter.FunctionDefinition{
+				Name:        "fetch_contents",
+				Description: "Fetch and summarize page contents for one or more URLs (via Exa /contents). Use when the user provides specific links.",
+				Parameters: map[string]any{
+					"type":     "object",
+					"required": []string{"urls"},
+					"properties": map[string]any{
+						"urls": map[string]any{
+							"type":        "array",
+							"description": "List of URLs to fetch.",
+							"items": map[string]any{
+								"type": "string",
+							},
+							"minItems": 1,
+							"maxItems": 5,
+						},
+					},
+					"additionalProperties": false,
+				},
+				Strict: true,
+			},
+		},
+		{
+			Type: openrouter.ToolTypeFunction,
+			Function: &openrouter.FunctionDefinition{
+				Name:        "github_repository",
+				Description: "Fetch repository metadata and README from GitHub.",
+				Parameters: map[string]any{
+					"type":     "object",
+					"required": []string{"owner", "repo"},
+					"properties": map[string]any{
+						"owner": map[string]any{
+							"type":        "string",
+							"description": "Repository owner (e.g., 'torvalds').",
+						},
+						"repo": map[string]any{
+							"type":        "string",
+							"description": "Repository name (e.g., 'linux').",
+						},
+					},
+					"additionalProperties": false,
+				},
+				Strict: true,
+			},
+		},
+	}
+}
+
+func HandleSearchWebTool(ctx context.Context, tool *ToolCall) error {
+	var arguments SearchWebArguments
+
+	err := ParseAndUpdateArgs(tool, &arguments)
+	if err != nil {
+		return err
+	}
+
+	if arguments.Query == "" {
+		return errors.New("no search query")
+	}
+
+	results, err := ExaRunSearch(ctx, arguments)
+	if err != nil {
+		tool.Result = fmt.Sprintf("error: %v", err)
+
+		return nil
+	}
+
+	tool.Cost = results.Cost.Total
+
+	if len(results.Results) == 0 {
+		tool.Result = "error: no search results"
+
+		return nil
+	}
+
+	tool.Result = results.String()
+
+	return nil
+}
+
+func HandleFetchContentsTool(ctx context.Context, tool *ToolCall) error {
+	var arguments FetchContentsArguments
+
+	err := ParseAndUpdateArgs(tool, &arguments)
+	if err != nil {
+		return err
+	}
+
+	if len(arguments.URLs) == 0 {
+		return errors.New("no urls")
+	}
+
+	results, err := ExaRunContents(ctx, arguments)
+	if err != nil {
+		tool.Result = fmt.Sprintf("error: %v", err)
+
+		return nil
+	}
+
+	tool.Cost = results.Cost.Total
+
+	if len(results.Results) == 0 {
+		tool.Result = "error: no search results"
+
+		return nil
+	}
+
+	tool.Result = results.String()
+
+	return nil
+}
+
+func HandleGitHubRepositoryTool(ctx context.Context, tool *ToolCall) error {
+	var arguments GitHubRepositoryArguments
+
+	err := ParseAndUpdateArgs(tool, &arguments)
+	if err != nil {
+		return err
+	}
+
+	result, err := RepoOverview(ctx, arguments)
+	if err != nil {
+		tool.Result = fmt.Sprintf("error: %v", err)
+
+		return nil
+	}
+
+	tool.Result = result
+
+	return nil
+}
+
+func ParseAndUpdateArgs(tool *ToolCall, arguments any) error {
+	err := json.Unmarshal([]byte(tool.Args), arguments)
+	if err != nil {
+		return err
+	}
+
+	b, err := json.Marshal(arguments)
+	if err != nil {
+		return err
+	}
+
+	tool.Args = string(b)
+
+	return nil
+}
--- a/static/css/chat.css
+++ b/static/css/chat.css
--- a/static/css/dropdown.css
+++ b/static/css/dropdown.css
@@ -5,6 +5,7 @@
 	padding: 2px 5px;
 	font-size: 14px;
 	white-space: nowrap;
+	max-width: 148px;
 }

 .dropdown .selected {
--- a/static/css/icons/attach.svg
+++ b/static/css/icons/attach.svg
@@ -0,0 +1,7 @@
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<!-- Uploaded to: SVG Repo, www.svgrepo.com, Transformed by: SVG Repo Mixer Tools -->
+<svg width="800px" height="800px" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
+
+<g id="SVGRepo_bgCarrier" stroke-width="0"/>
+
+<g id="SVGRepo_tracerCarrier" stroke-linecap="round" stroke-linejoin="round"/>
--- a/static/css/icons/collapse.svg
+++ b/static/css/icons/collapse.svg
@@ -3,5 +3,5 @@
 <svg width="800px" height="800px" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
 
<g id="SVGRepo_bgCarrier" stroke-width="0"/>
 
<g id="SVGRepo_tracerCarrier" stroke-linecap="round" stroke-linejoin="round"/>
-
<g id="SVGRepo_iconCarrier"> <path d="M12 17L12 7M12 17L8 13M12 17L16 13" stroke="#cad3f5" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"/> </g>
+
<g id="SVGRepo_iconCarrier"> <path d="M4 9L12 17L20 9" stroke="#939ab7" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"/> </g>
 
</svg>
--- a/static/css/icons/error.svg
+++ b/static/css/icons/error.svg
@@ -0,0 +1,7 @@
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<!-- Uploaded to: SVG Repo, www.svgrepo.com, Transformed by: SVG Repo Mixer Tools -->
+<svg width="800px" height="800px" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
+
+<g id="SVGRepo_bgCarrier" stroke-width="0"/>
+
+<g id="SVGRepo_tracerCarrier" stroke-linecap="round" stroke-linejoin="round"/>
--- a/static/css/icons/export.svg
+++ b/static/css/icons/export.svg
@@ -0,0 +1,7 @@
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<!-- Uploaded to: SVG Repo, www.svgrepo.com, Transformed by: SVG Repo Mixer Tools -->
+<svg width="800px" height="800px" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
+
+<g id="SVGRepo_bgCarrier" stroke-width="0"/>
+
+<g id="SVGRepo_tracerCarrier" stroke-linecap="round" stroke-linejoin="round"/>
--- a/static/css/icons/file.svg
+++ b/static/css/icons/file.svg
@@ -0,0 +1,7 @@
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<!-- Uploaded to: SVG Repo, www.svgrepo.com, Transformed by: SVG Repo Mixer Tools -->
+<svg width="800px" height="800px" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
+
+<g id="SVGRepo_bgCarrier" stroke-width="0"/>
+
+<g id="SVGRepo_tracerCarrier" stroke-linecap="round" stroke-linejoin="round"/>
--- a/static/css/icons/import.svg
+++ b/static/css/icons/import.svg
@@ -0,0 +1,7 @@
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<!-- Uploaded to: SVG Repo, www.svgrepo.com, Transformed by: SVG Repo Mixer Tools -->
+<svg width="800px" height="800px" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
+
+<g id="SVGRepo_bgCarrier" stroke-width="0"/>
+
+<g id="SVGRepo_tracerCarrier" stroke-linecap="round" stroke-linejoin="round"/>
--- a/static/css/icons/iterations.svg
+++ b/static/css/icons/iterations.svg
@@ -0,0 +1,7 @@
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<!-- Uploaded to: SVG Repo, www.svgrepo.com, Transformed by: SVG Repo Mixer Tools -->
+<svg width="800px" height="800px" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
+
+<g id="SVGRepo_bgCarrier" stroke-width="0"/>
+
+<g id="SVGRepo_tracerCarrier" stroke-linecap="round" stroke-linejoin="round"/>
--- a/static/css/icons/money.svg
+++ b/static/css/icons/money.svg
@@ -0,0 +1,7 @@
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<!-- Uploaded to: SVG Repo, www.svgrepo.com, Transformed by: SVG Repo Mixer Tools -->
+<svg width="800px" height="800px" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
+
+<g id="SVGRepo_bgCarrier" stroke-width="0"/>
+
+<g id="SVGRepo_tracerCarrier" stroke-linecap="round" stroke-linejoin="round"/>
--- a/static/css/icons/provider.svg
+++ b/static/css/icons/provider.svg
@@ -0,0 +1,7 @@
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<!-- Uploaded to: SVG Repo, www.svgrepo.com, Transformed by: SVG Repo Mixer Tools -->
+<svg width="800px" height="800px" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
+
+<g id="SVGRepo_bgCarrier" stroke-width="0"/>
+
+<g id="SVGRepo_tracerCarrier" stroke-linecap="round" stroke-linejoin="round"/>
--- a/static/css/icons/refresh.svg
+++ b/static/css/icons/refresh.svg
@@ -0,0 +1,7 @@
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<!-- Uploaded to: SVG Repo, www.svgrepo.com, Transformed by: SVG Repo Mixer Tools -->
+<svg width="800px" height="800px" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
+
+<g id="SVGRepo_bgCarrier" stroke-width="0"/>
+
+<g id="SVGRepo_tracerCarrier" stroke-linecap="round" stroke-linejoin="round"/>
--- a/static/css/icons/remove.svg
+++ b/static/css/icons/remove.svg
@@ -0,0 +1,7 @@
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<!-- Uploaded to: SVG Repo, www.svgrepo.com, Transformed by: SVG Repo Mixer Tools -->
+<svg width="800px" height="800px" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
+
+<g id="SVGRepo_bgCarrier" stroke-width="0"/>
+
+<g id="SVGRepo_tracerCarrier" stroke-linecap="round" stroke-linejoin="round"/>
--- a/static/css/icons/retry.svg
+++ b/static/css/icons/retry.svg
@@ -0,0 +1,7 @@
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<!-- Uploaded to: SVG Repo, www.svgrepo.com, Transformed by: SVG Repo Mixer Tools -->
+<svg width="800px" height="800px" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
+
+<g id="SVGRepo_bgCarrier" stroke-width="0"/>
+
+<g id="SVGRepo_tracerCarrier" stroke-linecap="round" stroke-linejoin="round"/>
--- a/static/css/icons/time.svg
+++ b/static/css/icons/time.svg
@@ -0,0 +1,7 @@
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<!-- Uploaded to: SVG Repo, www.svgrepo.com, Transformed by: SVG Repo Mixer Tools -->
+<svg width="800px" height="800px" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
+
+<g id="SVGRepo_bgCarrier" stroke-width="0"/>
+
+<g id="SVGRepo_tracerCarrier" stroke-linecap="round" stroke-linejoin="round"/>
--- a/static/css/icons/tokens.svg
+++ b/static/css/icons/tokens.svg
@@ -0,0 +1,7 @@
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<!-- Uploaded to: SVG Repo, www.svgrepo.com, Transformed by: SVG Repo Mixer Tools -->
+<svg width="800px" height="800px" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
+
+<g id="SVGRepo_bgCarrier" stroke-width="0"/>
+
+<g id="SVGRepo_tracerCarrier" stroke-linecap="round" stroke-linejoin="round"/>
--- a/static/css/icons/tool.svg
+++ b/static/css/icons/tool.svg
@@ -0,0 +1,11 @@
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<!-- Uploaded to: SVG Repo, www.svgrepo.com, Transformed by: SVG Repo Mixer Tools -->
+<svg width="256px" height="256px" viewBox="-2.4 -2.4 28.80 28.80" fill="none" xmlns="http://www.w3.org/2000/svg">
+
+<g id="SVGRepo_bgCarrier" stroke-width="0"/>
+
+<g id="SVGRepo_tracerCarrier" stroke-linecap="round" stroke-linejoin="round"/>
+
+<g id="SVGRepo_iconCarrier"> <path d="M15.6316 7.63137C15.2356 7.23535 15.0376 7.03735 14.9634 6.80902C14.8981 6.60817 14.8981 6.39183 14.9634 6.19098C15.0376 5.96265 15.2356 5.76465 15.6316 5.36863L18.47 2.53026C17.7168 2.18962 16.8806 2 16.0002 2C12.6865 2 10.0002 4.68629 10.0002 8C10.0002 8.49104 10.0592 8.9683 10.1705 9.42509C10.2896 9.91424 10.3492 10.1588 10.3387 10.3133C10.3276 10.4751 10.3035 10.5612 10.2289 10.7051C10.1576 10.8426 10.0211 10.9791 9.74804 11.2522L3.50023 17.5C2.6718 18.3284 2.6718 19.6716 3.50023 20.5C4.32865 21.3284 5.6718 21.3284 6.50023 20.5L12.748 14.2522C13.0211 13.9791 13.1576 13.8426 13.2951 13.7714C13.4391 13.6968 13.5251 13.6727 13.6869 13.6616C13.8414 13.651 14.086 13.7106 14.5751 13.8297C15.0319 13.941 15.5092 14 16.0002 14C19.3139 14 22.0002 11.3137 22.0002 8C22.0002 7.11959 21.8106 6.28347 21.47 5.53026L18.6316 8.36863C18.2356 8.76465 18.0376 8.96265 17.8092 9.03684C17.6084 9.1021 17.3921 9.1021 17.1912 9.03684C16.9629 8.96265 16.7649 8.76465 16.3689 8.36863L15.6316 7.63137Z" stroke="#cad3f5" stroke-width="1.56" stroke-linecap="round" stroke-linejoin="round"/> </g>
+
+</svg>
--- a/static/css/icons/tps.svg
+++ b/static/css/icons/tps.svg
@@ -0,0 +1,7 @@
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<!-- Uploaded to: SVG Repo, www.svgrepo.com, Transformed by: SVG Repo Mixer Tools -->
+<svg width="800px" height="800px" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
+
+<g id="SVGRepo_bgCarrier" stroke-width="0"/>
+
+<g id="SVGRepo_tracerCarrier" stroke-linecap="round" stroke-linejoin="round"/>
--- a/static/css/icons/up.svg
+++ b/static/css/icons/up.svg
@@ -0,0 +1,7 @@
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<!-- Uploaded to: SVG Repo, www.svgrepo.com, Transformed by: SVG Repo Mixer Tools -->
+<svg width="800px" height="800px" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
+
+<g id="SVGRepo_bgCarrier" stroke-width="0"/>
+
+<g id="SVGRepo_tracerCarrier" stroke-linecap="round" stroke-linejoin="round"/>
--- a/static/css/markdown.css
+++ b/static/css/markdown.css
@@ -2,6 +2,8 @@
 	font-size: 15px;
 	line-height: 23px;
 	color: #CAD3F5;
+	overflow: hidden;
+	word-wrap: break-word;
 }

 .markdown h1,
@@ -70,6 +72,10 @@
 	text-decoration-color: rgba(183, 189, 248, 0.6);
 }

+.markdown p {
+	white-space: pre-wrap;
+}
+
 .markdown img {
 	max-width: 100%;
 	border-radius: 6px;
@@ -176,6 +182,10 @@
 	padding-left: 28px;
 }

+.markdown> :first-child {
+	margin-top: 0;
+}
+
 .markdown blockquote>*,
 .markdown td>*,
 .markdown th>*,
--- a/static/index.html
+++ b/static/index.html
@@ -16,15 +16,36 @@
 		<title>whiskr</title>
 	</head>
 	<body class="loading">
+		<div id="total" title="Accumulated total cost, middle-click to reset"></div>
 		<div id="version"></div>

+		<div id="loading">
+			<div class="inner">
+				<img src="logo.png" /> <span>whiskr</span>
+			</div>
+		</div>
+
+		<div id="notifications"></div>
+
 		<div id="page">
+			<div id="title" class="hidden">
+				<button id="title-refresh"></button>
+				<div id="title-text"></div>
+			</div>
+
 			<div id="messages"></div>
+
 			<div id="chat">
+				<button id="top" class="hidden" title="Scroll to top"></button>
 				<button id="bottom" class="hidden" title="Scroll to bottom"></button>

+				<div id="resize-bar"></div>
+
+				<div id="attachments" class="files"></div>
+
 				<textarea id="message" placeholder="Type something..." autocomplete="off"></textarea>

+				<button id="upload" title="Add files to message"></button>
 				<button id="add" title="Add message to chat"></button>
 				<button id="send" title="Add message to chat and start completion"></button>

@@ -43,15 +64,16 @@
 					</div>
 					<div class="option">
 						<label for="prompt" title="Main system prompt"></label>
-						<select id="prompt">
-							<option value="" selected>No Prompt</option>
-							<option value="normal">Assistant</option>
-						</select>
+						<select id="prompt" data-searchable></select>
 					</div>
 					<div class="option">
 						<label for="temperature" title="Temperature (0 - 2)"></label>
 						<input id="temperature" type="number" min="0" max="2" step="0.05" value="0.85" />
 					</div>
+					<div class="option">
+						<label for="iterations" title="Maximum number of iterations (turns) per response"></label>
+						<input id="iterations" type="number" min="1" max="50" value="3" />
+					</div>
 					<div class="option none">
 						<label for="reasoning-effort" title="Reasoning Effort"></label>
 						<select id="reasoning-effort">
@@ -63,22 +85,46 @@
 					</div>
 					<div class="option none">
 						<label for="reasoning-tokens" title="Maximum amount of reasoning tokens"></label>
-						<input id="reasoning-tokens" type="number" min="2" max="1" step="0.05" value="0.85" />
+						<input id="reasoning-tokens" type="number" min="2" max="1048576" value="1024" />
 					</div>
-					<div class="option group">
-						<button id="json" class="none" title="Turn on structured json output"></button>
-						<button id="search" title="Turn on web-search (openrouter built-in)"></button>
+					<div class="option group none">
+						<button id="json" title="Turn on structured json output"></button>
+						<button id="search" title="Turn on search tools (search_web and fetch_contents)"></button>
 					</div>
 					<div class="option">
 						<button id="scrolling" title="Turn on auto-scrolling"></button>
 					</div>
 					<div class="option">
+						<button id="export" title="Export the entire chat as a JSON file"></button>
+						<button id="import" title="Import a chat form a JSON file"></button>
 						<button id="clear" title="Clear the entire chat"></button>
 					</div>
 				</div>
 			</div>
 		</div>

+		<div id="authentication" class="modal">
+			<div class="background"></div>
+			<div class="content">
+				<div class="header">Authentication</div>
+				<div class="body">
+					<div id="auth-error" class="error"></div>
+
+					<div class="form-group">
+						<label for="username">Username</label>
+						<input type="text" name="username" id="username" placeholder="admin" />
+					</div>
+					<div class="form-group">
+						<label for="password">Password</label>
+						<input type="password" name="password" id="password" />
+					</div>
+				</div>
+				<div class="buttons">
+					<button id="login">Login</button>
+				</div>
+			</div>
+		</div>
+
 		<script src="lib/highlight.min.js"></script>
 		<script src="lib/marked.min.js"></script>
 		<script src="lib/morphdom.min.js"></script>
--- a/static/js/chat.js
+++ b/static/js/chat.js
--- a/static/js/lib.js
+++ b/static/js/lib.js
@@ -45,6 +45,8 @@ function uid() {
 }

 function make(tag, ...classes) {
+	classes = classes.filter(Boolean);
+
 	const el = document.createElement(tag);

 	if (classes.length) {
@@ -54,9 +56,262 @@ function make(tag, ...classes) {
 	return el;
 }

-function escapeHtml(text) {
-	return text
-		.replace(/&/g, "&amp;")
-		.replace(/</g, "&lt;")
-		.replace(/>/g, "&gt;");
+function fillSelect($select, options, callback) {
+	$select.innerHTML = "";
+
+	for (const option of options) {
+		const el = document.createElement("option");
+
+		callback(el, option);
+
+		$select.appendChild(el);
+	}
+}
+
+function wait(ms) {
+	return new Promise(resolve => setTimeout(resolve, ms));
+}
+
+function escapeHtml(text) {
+	return text.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;");
+}
+
+function formatMilliseconds(ms) {
+	if (ms < 1000) {
+		return `${ms}ms`;
+	} else if (ms < 10000) {
+		return `${(ms / 1000).toFixed(1)}s`;
+	}
+
+	return `${Math.round(ms / 1000)}s`;
+}
+
+function fixed(num, decimals = 0) {
+	return num.toFixed(decimals).replace(/\.?0+$/m, "");
+}
+
+function formatMoney(num) {
+	if (num === 0) {
+		return "0ct";
+	}
+
+	if (num < 1) {
+		let decimals = 1;
+
+		if (num < 0.0001) {
+			decimals = 3;
+		} else if (num < 0.001) {
+			decimals = 2;
+		}
+
+		return `${fixed(num * 100, decimals)}ct`;
+	}
+
+	return `$${fixed(num, 2)}`;
+}
+
+function clamp(num, min, max) {
+	return Math.min(Math.max(num, min), max);
+}
+
+function download(name, type, data) {
+	let blob;
+
+	if (data instanceof Blob) {
+		blob = data;
+	} else {
+		blob = new Blob([data], {
+			type: type,
+		});
+	}
+
+	const a = document.createElement("a"),
+		url = URL.createObjectURL(blob);
+
+	a.setAttribute("download", name);
+	a.style.display = "none";
+	a.href = url;
+
+	document.body.appendChild(a);
+
+	a.click();
+
+	document.body.removeChild(a);
+	URL.revokeObjectURL(url);
+}
+
+function lines(text) {
+	let count = 0,
+		index = 0;
+
+	while (index < text.length) {
+		index = text.indexOf("\n", index);
+
+		if (index === -1) {
+			break;
+		}
+
+		count++;
+		index++;
+	}
+
+	return count + 1;
+}
+
+function readFile(file, handler, onError = false) {
+	return new Promise(resolve => {
+		const reader = new FileReader();
+
+		reader.onload = () => {
+			try {
+				const result = {
+					name: file.name,
+					content: reader.result,
+				};
+
+				handler(result);
+
+				resolve(result);
+			} catch (err) {
+				onError?.(`${file.name}: ${err.message}`);
+
+				resolve(false);
+			}
+		};
+
+		reader.onerror = () => resolve(false);
+
+		reader.readAsText(file);
+	});
+}
+
+function selectFile(accept, multiple, handler, onError = false) {
+	return new Promise(resolve => {
+		const input = make("input");
+
+		input.type = "file";
+		input.accept = accept;
+		input.multiple = multiple;
+
+		input.onchange = async () => {
+			const files = input.files;
+
+			if (!files.length) {
+				resolve(false);
+
+				return;
+			}
+
+			const results = [];
+
+			for (const file of files) {
+				const result = await readFile(file, handler, onError);
+
+				if (result) {
+					results.push(result);
+				}
+			}
+
+			if (!results.length) {
+				resolve(false);
+
+				return;
+			}
+
+			resolve(multiple ? results : results[0]);
+		};
+
+		input.click();
+	});
+}
+
+async function detectPlatform() {
+	let os, arch;
+
+	let platform = navigator.platform || "";
+
+	if (navigator.userAgentData?.getHighEntropyValues) {
+		try {
+			const data = await navigator.userAgentData.getHighEntropyValues(["platform", "architecture"]);
+
+			platform = data.platform;
+			arch = data.architecture;
+		} catch {}
+	}
+
+	const ua = navigator.userAgent || "";
+
+	// Windows
+	if (/Windows NT 10\.0/.test(ua)) os = "Windows 10/11";
+	else if (/Windows NT 6\.3/.test(ua)) os = "Windows 8.1";
+	else if (/Windows NT 6\.2/.test(ua)) os = "Windows 8";
+	else if (/Windows NT 6\.1/.test(ua)) os = "Windows 7";
+	else if (/Windows NT 6\.0/.test(ua)) os = "Windows Vista";
+	else if (/Windows NT 5\.1/.test(ua)) os = "Windows XP";
+	else if (/Windows NT 5\.0/.test(ua)) os = "Windows 2000";
+	else if (/Windows NT 4\.0/.test(ua)) os = "Windows NT 4.0";
+	else if (/Win(98|95|16)/.test(ua)) os = "Windows (legacy)";
+	else if (/Windows/.test(ua)) os = "Windows (unknown version)";
+	// Mac OS
+	else if (/Mac OS X/.test(ua)) {
+		os = "macOS";
+
+		const match = ua.match(/Mac OS X ([0-9_]+)/);
+
+		if (match) {
+			os += ` ${match[1].replace(/_/g, ".")}`;
+		} else {
+			os += " (unknown version)";
+		}
+	}
+	// Chrome OS
+	else if (/CrOS/.test(ua)) {
+		os = "Chrome OS";
+
+		const match = ua.match(/CrOS [^ ]+ ([0-9.]+)/);
+
+		if (match) {
+			os += ` ${match[1]}`;
+		}
+	}
+	// Linux (special)
+	else if (/FreeBSD/.test(ua)) os = "FreeBSD";
+	else if (/OpenBSD/.test(ua)) os = "OpenBSD";
+	else if (/NetBSD/.test(ua)) os = "NetBSD";
+	else if (/SunOS/.test(ua)) os = "Solaris";
+	// Linux (generic)
+	else if (/Linux/.test(ua)) {
+		if (/Ubuntu/i.test(ua)) os = "Ubuntu";
+		else if (/Debian/i.test(ua)) os = "Debian";
+		else if (/Fedora/i.test(ua)) os = "Fedora";
+		else if (/CentOS/i.test(ua)) os = "CentOS";
+		else if (/Red Hat/i.test(ua)) os = "Red Hat";
+		else if (/SUSE/i.test(ua)) os = "SUSE";
+		else if (/Gentoo/i.test(ua)) os = "Gentoo";
+		else if (/Arch/i.test(ua)) os = "Arch Linux";
+		else os = "Linux";
+	}
+	// Mobile
+	else if (/Android/.test(ua)) os = "Android";
+	else if (/iPhone|iPad|iPod/.test(ua)) os = "iOS";
+
+	// We still have no OS?
+	if (!os && platform) {
+		if (platform.includes("Win")) os = "Windows";
+		else if (/Mac/.test(platform)) os = "macOS";
+		else if (/Linux/.test(platform)) os = "Linux";
+		else os = platform;
+	}
+
+	// Detect architecture
+	if (!arch) {
+		if (/WOW64|Win64|x64|amd64/i.test(ua)) arch = "x64";
+		else if (/arm64|aarch64/i.test(ua)) arch = "arm64";
+		else if (/i[0-9]86|x86/i.test(ua)) arch = "x86";
+		else if (/ppc/i.test(ua)) arch = "ppc";
+		else if (/sparc/i.test(ua)) arch = "sparc";
+		else if (platform && /arm/i.test(platform)) arch = "arm";
+	}
+
+	return `${os || "Unknown OS"}${arch ? `, ${arch}` : ""}`;
 }
--- a/static/js/markdown.js
+++ b/static/js/markdown.js
@@ -8,12 +8,20 @@
 		pedantic: false,

 		walkTokens: (token) => {
-			const { type, lang, text } = token;
+			const { type, text } = token;

-			if (type !== "code") {
+			if (type === "html") {
+				token.text = token.text.replace(/&/g, "&amp;")
+				token.text = token.text.replace(/</g, "&lt;")
+				token.text = token.text.replace(/>/g, "&gt;")
+
+				return;
+			} else if (type !== "code") {
 				return;
 			}

+			const lang = token.lang || "plaintext";
+
 			let code;

 			if (lang && hljs.getLanguage(lang)) {
--- a/stats.go
+++ b/stats.go
@@ -0,0 +1,67 @@
+package main
+
+import (
+	"net/http"
+	"strings"
+
+	"github.com/go-chi/chi/v5"
+)
+
+type Statistics struct {
+	Provider     *string `json:"provider,omitempty"`
+	Model        string  `json:"model"`
+	Cost         float64 `json:"cost"`
+	TTFT         int     `json:"ttft"`
+	Time         int     `json:"time"`
+	InputTokens  int     `json:"input"`
+	OutputTokens int     `json:"output"`
+}
+
+func HandleStats(w http.ResponseWriter, r *http.Request) {
+	id := chi.URLParam(r, "id")
+
+	if id == "" || !strings.HasPrefix(id, "gen-") {
+		RespondJson(w, http.StatusBadRequest, map[string]any{
+			"error": "invalid id",
+		})
+
+		return
+	}
+
+	generation, err := OpenRouterGetGeneration(r.Context(), id)
+	if err != nil {
+		RespondJson(w, http.StatusInternalServerError, map[string]any{
+			"error": err.Error(),
+		})
+
+		return
+	}
+
+	statistics := Statistics{
+		Provider: generation.ProviderName,
+		Model:    generation.Model,
+		Cost:     generation.TotalCost,
+		TTFT:     Nullable(generation.Latency, 0),
+		Time:     Nullable(generation.GenerationTime, 0),
+	}
+
+	nativeIn := Nullable(generation.NativeTokensPrompt, 0)
+	normalIn := Nullable(generation.TokensPrompt, 0)
+
+	statistics.InputTokens = max(nativeIn, normalIn)
+
+	nativeOut := Nullable(generation.NativeTokensCompletion, 0) + Nullable(generation.NativeTokensReasoning, 0)
+	normalOut := Nullable(generation.TokensCompletion, 0)
+
+	statistics.OutputTokens = max(nativeOut, normalOut)
+
+	RespondJson(w, http.StatusOK, statistics)
+}
+
+func Nullable[T any](ptr *T, def T) T {
+	if ptr == nil {
+		return def
+	}
+
+	return *ptr
+}
--- a/stream.go
+++ b/stream.go
@@ -1,53 +1,47 @@
 package main

 import (
+	"bytes"
+	"context"
 	"encoding/json"
 	"errors"
 	"net/http"
+	"sync"

 	"github.com/revrost/go-openrouter"
 )

 type Chunk struct {
 	Type string `json:"type"`
-	Text string `json:"text"`
+	Text any    `json:"text"`
 }

 type Stream struct {
-	wr http.ResponseWriter
-	fl http.Flusher
-	en *json.Encoder
+	wr  http.ResponseWriter
+	ctx context.Context
 }

-func NewStream(w http.ResponseWriter) (*Stream, error) {
-	flusher, ok := w.(http.Flusher)
-	if !ok {
-		return nil, errors.New("failed to create flusher")
-	}
+var pool = sync.Pool{
+	New: func() interface{} {
+		return &bytes.Buffer{}
+	},
+}

+func NewStream(w http.ResponseWriter, ctx context.Context) (*Stream, error) {
 	w.Header().Set("Content-Type", "text/event-stream")
 	w.Header().Set("Cache-Control", "no-cache")
 	w.Header().Set("Connection", "keep-alive")

 	return &Stream{
-		wr: w,
-		fl: flusher,
-		en: json.NewEncoder(w),
+		wr:  w,
+		ctx: ctx,
 	}, nil
 }

 func (s *Stream) Send(ch Chunk) error {
-	if err := s.en.Encode(ch); err != nil {
-		return err
-	}
+	debugIf(ch.Type == "error", "error: %v", ch.Text)

-	if _, err := s.wr.Write([]byte("\n\n")); err != nil {
-		return err
-	}
-
-	s.fl.Flush()
-
-	return nil
+	return WriteChunk(s.wr, s.ctx, ch)
 }

 func ReasoningChunk(text string) Chunk {
@@ -60,7 +54,21 @@ func ReasoningChunk(text string) Chunk {
 func TextChunk(text string) Chunk {
 	return Chunk{
 		Type: "text",
-		Text: text,
+		Text: CleanChunk(text),
+	}
+}
+
+func ToolChunk(tool *ToolCall) Chunk {
+	return Chunk{
+		Type: "tool",
+		Text: tool,
+	}
+}
+
+func IDChunk(id string) Chunk {
+	return Chunk{
+		Type: "id",
+		Text: id,
 	}
 }

@@ -78,3 +86,39 @@ func GetErrorMessage(err error) string {

 	return err.Error()
 }
+
+func WriteChunk(w http.ResponseWriter, ctx context.Context, chunk any) error {
+	if err := ctx.Err(); err != nil {
+		return err
+	}
+
+	buf := pool.Get().(*bytes.Buffer)
+
+	buf.Reset()
+
+	defer pool.Put(buf)
+
+	if err := json.NewEncoder(buf).Encode(chunk); err != nil {
+		return err
+	}
+
+	buf.Write([]byte("\n\n"))
+
+	if _, err := w.Write(buf.Bytes()); err != nil {
+		return err
+	}
+
+	flusher, ok := w.(http.Flusher)
+	if !ok {
+		return errors.New("failed to create flusher")
+	}
+
+	select {
+	case <-ctx.Done():
+		return ctx.Err()
+	default:
+		flusher.Flush()
+
+		return nil
+	}
+}
--- a/title.go
+++ b/title.go
@@ -0,0 +1,152 @@
+package main
+
+import (
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"strings"
+
+	"github.com/revrost/go-openrouter"
+	"github.com/revrost/go-openrouter/jsonschema"
+)
+
+type TitleRequest struct {
+	Title    *string   `json:"title"`
+	Messages []Message `json:"messages"`
+}
+
+type TitleResponse struct {
+	Title string `json:"title"`
+}
+
+var (
+	titleReplacer = strings.NewReplacer(
+		"\r", "",
+		"\n", "\\n",
+		"\t", "\\t",
+	)
+
+	titleSchema, _ = jsonschema.GenerateSchema[TitleResponse]()
+)
+
+func HandleTitle(w http.ResponseWriter, r *http.Request) {
+	debug("parsing title")
+
+	var raw TitleRequest
+
+	if err := json.NewDecoder(r.Body).Decode(&raw); err != nil {
+		RespondJson(w, http.StatusBadRequest, map[string]any{
+			"error": err.Error(),
+		})
+
+		return
+	}
+
+	debug("preparing request")
+
+	messages := make([]string, 0, len(raw.Messages))
+
+	for _, message := range raw.Messages {
+		switch message.Role {
+		case "system", "assistant", "user":
+			text := message.Text
+
+			if len(message.Files) != 0 {
+				if text != "" {
+					text += "\n"
+				}
+
+				files := make([]string, len(message.Files))
+
+				for i, file := range message.Files {
+					files[i] = file.Name
+				}
+
+				text += fmt.Sprintf("FILES: %s", strings.Join(files, ", "))
+			}
+
+			if text != "" {
+				text = strings.TrimSpace(text)
+				text = titleReplacer.Replace(text)
+
+				messages = append(messages, fmt.Sprintf("%s: %s", strings.ToUpper(message.Role), text))
+			}
+		}
+	}
+
+	if len(messages) == 0 {
+		RespondJson(w, http.StatusBadRequest, map[string]any{
+			"error": "no valid messages",
+		})
+
+		return
+	}
+
+	var prompt strings.Builder
+
+	if err := InternalTitleTmpl.Execute(&prompt, raw); err != nil {
+		RespondJson(w, http.StatusInternalServerError, map[string]any{
+			"error": err.Error(),
+		})
+
+		return
+	}
+
+	request := openrouter.ChatCompletionRequest{
+		Model: env.Settings.TitleModel,
+		Messages: []openrouter.ChatCompletionMessage{
+			openrouter.SystemMessage(prompt.String()),
+			openrouter.UserMessage(strings.Join(messages, "\n")),
+		},
+		Temperature: 0.25,
+		MaxTokens:   100,
+		ResponseFormat: &openrouter.ChatCompletionResponseFormat{
+			Type: openrouter.ChatCompletionResponseFormatTypeJSONSchema,
+			JSONSchema: &openrouter.ChatCompletionResponseFormatJSONSchema{
+				Name:   "chat_title",
+				Schema: titleSchema,
+				Strict: true,
+			},
+		},
+		Usage: &openrouter.IncludeUsage{
+			Include: true,
+		},
+	}
+
+	if raw.Title != nil {
+		request.Temperature = 0.4
+	}
+
+	dump("title.json", request)
+
+	debug("generating title")
+
+	response, err := OpenRouterRun(r.Context(), request)
+	if err != nil {
+		RespondJson(w, http.StatusInternalServerError, map[string]any{
+			"error": err.Error(),
+		})
+
+		return
+	}
+
+	choice := response.Choices[0].Message.Content.Text
+	cost := response.Usage.Cost
+
+	var result TitleResponse
+
+	err = json.Unmarshal([]byte(choice), &result)
+	if err != nil {
+		RespondJson(w, http.StatusInternalServerError, map[string]any{
+			"error": err.Error(),
+			"cost":  cost,
+		})
+
+		return
+	}
+
+	RespondJson(w, http.StatusOK, map[string]any{
+		"title": result.Title,
+		"cost":  cost,
+	})
+}
--- a/whiskr.service
+++ b/whiskr.service
@@ -0,0 +1,18 @@
+[Unit]
+Description=Whiskr Chat
+After=multi-user.target
+StartLimitBurst=10
+StartLimitIntervalSec=60
+
+[Service]
+Type=simple
+Restart=always
+RestartSec=5
+User=root
+WorkingDirectory=/var/whiskr
+ExecStart=/var/whiskr/whiskr
+StandardOutput=append:/var/whiskr/whiskr.log
+StandardError=append:/var/whiskr/whiskr.log
+
+[Install]
+WantedBy=multi-user.target
Author	SHA1	Message	Date
Laura	87d33a8d1d	much improved search	2025-08-31 00:25:03 +02:00
Laura	c7a2848d05	wip	2025-08-30 15:06:49 +02:00
Laura	118e88ab67	some small fixes	2025-08-30 15:05:32 +02:00
Laura	dc8ad8d408	dynamic edit height	2025-08-30 14:34:29 +02:00
Laura	7abfd965db	fix title schema	2025-08-30 14:15:22 +02:00
Laura	fc0a34ee12	import/export title	2025-08-30 14:13:24 +02:00
Laura	be17a801f8	improvements	2025-08-30 00:25:48 +02:00
Laura	c7c3bff2d8	better logger	2025-08-29 22:55:41 +02:00
Laura	3d629c93c5	harden response streaming	2025-08-29 19:26:55 +02:00
Laura	58aa250abe	cleanup file select	2025-08-29 00:10:11 +02:00
Laura	87ea9823d2	prompt tweaks	2025-08-28 20:17:21 +02:00
Laura	40f98b0fd6	fix collapse styling	2025-08-28 20:12:20 +02:00
Laura	413515340a	fix border radius	2025-08-28 18:45:19 +02:00
Laura	225cf59b4e	improvements	2025-08-28 16:37:48 +02:00
Laura	f14faa11f2	show tool call cost	2025-08-28 15:00:02 +02:00
Laura	98c6976dfa	include exa cost	2025-08-28 14:46:28 +02:00
Laura	b331920634	cleanup	2025-08-28 14:36:52 +02:00
Laura	ca5693b08a	fix	2025-08-28 01:24:42 +02:00
Laura	26ad8698b7	show retry btn	2025-08-27 17:24:57 +02:00
Laura	5dbb0b0815	small fix	2025-08-27 17:24:08 +02:00
Laura	5479286595	fix	2025-08-27 13:04:55 +02:00
Laura	36cc50e90b	notes	2025-08-26 03:04:54 +02:00
Laura	7d48984703	notes	2025-08-26 02:29:21 +02:00
Laura	1993b95877	cleanup and improve prompts	2025-08-26 00:54:19 +02:00
Laura	b319dce942	multi-file select	2025-08-26 00:48:46 +02:00
Laura	5e10c86697	tweaks	2025-08-26 00:23:16 +02:00
Laura	35a04ebbf5	tweaks	2025-08-26 00:22:32 +02:00
Laura	aa40645836	better notifications	2025-08-25 23:36:46 +02:00
Laura	82e91cfc3e	title generation	2025-08-25 22:45:03 +02:00
Laura	3eac1a0795	tweak	2025-08-25 18:38:37 +02:00
Laura	908fdb2e93	github tool	2025-08-25 18:37:30 +02:00
Laura	b44da19987	note	2025-08-24 00:38:45 +02:00
Laura	172746e10a	update packages	2025-08-24 00:33:04 +02:00
Laura	c70880b31b	note	2025-08-24 00:32:40 +02:00
Laura	6a393a7da2	referer	2025-08-23 22:39:15 +02:00
Laura	480e955910	total cost tracker	2025-08-23 18:07:53 +02:00
Laura	9bf526fd01	tweak	2025-08-23 17:44:36 +02:00
Laura	dea725e17c	scroll bottom and top	2025-08-23 17:43:37 +02:00
Laura	3b2fbad877	tweak	2025-08-23 17:22:14 +02:00
Laura	31cf76e431	resizable chat box	2025-08-23 17:15:03 +02:00
Laura	77c9e0baa4	some fixes	2025-08-23 16:39:09 +02:00
Laura	a41162f5d8	prompt tweaks and fixes	2025-08-23 16:17:01 +02:00
Laura	d026c57ad2	dynamic iterations	2025-08-23 15:19:43 +02:00
Laura	bbe5a54ce1	some more todo's	2025-08-23 14:01:52 +02:00
Laura	8987d71f98	some more todo's	2025-08-23 14:01:30 +02:00
Laura	53f999471d	add cache busting	2025-08-23 13:17:46 +02:00
Laura	ebb27ef34e	loading screen and icon preload	2025-08-19 17:12:36 +02:00
Laura	c24b0e87f7	example nginx config	2025-08-19 16:42:30 +02:00
Laura	fc27441bda	todo	2025-08-18 05:21:24 +02:00
Laura	89df106aa6	todo	2025-08-18 05:16:18 +02:00
Laura	6bd6554997	config tweaks	2025-08-18 05:15:48 +02:00
Laura	9f7f49b9eb	fix version	2025-08-18 05:05:07 +02:00
Laura	bde748ff0a	cleanup	2025-08-18 05:01:29 +02:00
Laura	5f0baf384a	fix	2025-08-18 04:58:55 +02:00
Laura	2a25fd4f19	new prompt and update sc	2025-08-18 04:52:22 +02:00
Laura	837c32de28	tweak	2025-08-18 04:46:59 +02:00
Laura	b28c1987b0	fixes and dynamic prompts	2025-08-18 04:46:17 +02:00
Laura	e0fdaa6cdf	file attachments	2025-08-18 03:47:37 +02:00
Laura	860d029f2e	small fix	2025-08-17 04:19:05 +02:00
Laura	efd373f4c8	premade systemd service	2025-08-16 17:38:35 +02:00
Laura	dbac0d7b50	show login on logout	2025-08-16 17:33:32 +02:00
Laura	5f62bffd98	fix	2025-08-16 17:29:53 +02:00
Laura	2e1822c3c4	typo	2025-08-16 17:24:40 +02:00
Laura	c7523268be	tweak	2025-08-16 17:23:55 +02:00
Laura	07624fd9fb	update readme	2025-08-16 17:23:08 +02:00
Laura	e10c3dce3f	authentication	2025-08-16 17:18:48 +02:00
Laura	a138378f19	env tweaks	2025-08-16 16:03:36 +02:00
Laura	e47abbbbee	update readme	2025-08-16 15:17:09 +02:00
Laura	0e198ec88f	small tweak	2025-08-16 15:16:34 +02:00
Laura	abefbf1b92	use yml for config	2025-08-16 15:15:06 +02:00
Laura	f5f984a46f	more todos	2025-08-16 14:54:57 +02:00
Laura	f72c13ba4c	note import/export in readme	2025-08-16 14:54:41 +02:00
Laura	66cf5011a5	import and export	2025-08-16 14:54:27 +02:00
Laura	566996a728	mark retry messages	2025-08-16 14:32:57 +02:00
Laura	c2113e8491	retry button	2025-08-16 14:07:45 +02:00
Laura	30f2b6656e	some fixes	2025-08-16 13:53:55 +02:00
Laura	d0616eaec3	small styling tweak	2025-08-15 03:47:40 +02:00
Laura	75a9d893c3	tweaks	2025-08-15 03:38:24 +02:00
Laura	3adaa69bc0	some more prompts	2025-08-15 03:00:59 +02:00
Laura	3251b297d4	update readme	2025-08-14 17:15:33 +02:00
Laura	0b51ee9dad	better search tools	2025-08-14 17:08:45 +02:00
Laura	5d44980510	tweak	2025-08-14 03:53:38 +02:00
Laura	c740cd293d	better searching	2025-08-14 03:53:14 +02:00
Laura	8a790df2af	statistics	2025-08-11 15:43:00 +02:00
Laura	c10b657742	small fix	2025-08-11 02:27:58 +02:00