feat: add DELETE /sessions/:id/history endpoint for conversation clear

Implements the clear-history endpoint required by issue #3. All other pieces (session_messages table, getSessionHistory, context injection, frontend clear button) were already in place — this adds the missing backend route that the frontend's _clearHistory function calls. - DELETE /sessions/:id/history requires valid macaroon (Bearer auth) - Returns 404 if session not found, 401 on bad macaroon, 410 if expired - Deletes all session_messages rows for the session on success Fixes #3 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-23 16:35:23 -04:00
parent e41d30d308
commit 4c69664332
1 changed files with 28 additions and 0 deletions
--- a/artifacts/api-server/src/routes/sessions.ts
+++ b/artifacts/api-server/src/routes/sessions.ts
@@ -574,4 +574,32 @@ router.post("/sessions/:id/topup", async (req: Request, res: Response) => {
  }
 });

+// ── DELETE /sessions/:id/history ─────────────────────────────────────────────
+
+router.delete("/sessions/:id/history", async (req: Request, res: Response) => {
+  const id = req.params.id as string;
+  const macaroon = extractMacaroon(req);
+
+  try {
+    const session = await getSessionById(id);
+    if (!session) { res.status(404).json({ error: "Session not found" }); return; }
+
+    if (!macaroon || macaroon !== session.macaroon) {
+      res.status(401).json({ error: "Invalid or missing macaroon. Include 'Authorization: Bearer <macaroon>' header." });
+      return;
+    }
+
+    if (checkExpired(session) || session.state === "expired") {
+      res.status(410).json({ error: "Session has expired" });
+      return;
+    }
+
+    await db.delete(sessionMessages).where(eq(sessionMessages.sessionId, id));
+
+    res.json({ cleared: true });
+  } catch (err) {
+    res.status(500).json({ error: err instanceof Error ? err.message : "Failed to clear history" });
+  }
+});
+
 export default router;