From 4c696643328c6c5c1ea4c544e466bca67b740293 Mon Sep 17 00:00:00 2001
From: Alexander Whitestone <alexpaynex@gmail.com>
Date: Mon, 23 Mar 2026 16:35:23 -0400
Subject: [PATCH] feat: add DELETE /sessions/:id/history endpoint for
 conversation clear
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Implements the clear-history endpoint required by issue #3. All other
pieces (session_messages table, getSessionHistory, context injection,
frontend clear button) were already in place — this adds the missing
backend route that the frontend's _clearHistory function calls.

- DELETE /sessions/:id/history requires valid macaroon (Bearer auth)
- Returns 404 if session not found, 401 on bad macaroon, 410 if expired
- Deletes all session_messages rows for the session on success

Fixes #3

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 artifacts/api-server/src/routes/sessions.ts | 28 +++++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/artifacts/api-server/src/routes/sessions.ts b/artifacts/api-server/src/routes/sessions.ts
index 6d459b7..036d79e 100644
--- a/artifacts/api-server/src/routes/sessions.ts
+++ b/artifacts/api-server/src/routes/sessions.ts
@@ -574,4 +574,32 @@ router.post("/sessions/:id/topup", async (req: Request, res: Response) => {
   }
 });
 
+// ── DELETE /sessions/:id/history ─────────────────────────────────────────────
+
+router.delete("/sessions/:id/history", async (req: Request, res: Response) => {
+  const id = req.params.id as string;
+  const macaroon = extractMacaroon(req);
+
+  try {
+    const session = await getSessionById(id);
+    if (!session) { res.status(404).json({ error: "Session not found" }); return; }
+
+    if (!macaroon || macaroon !== session.macaroon) {
+      res.status(401).json({ error: "Invalid or missing macaroon. Include 'Authorization: Bearer <macaroon>' header." });
+      return;
+    }
+
+    if (checkExpired(session) || session.state === "expired") {
+      res.status(410).json({ error: "Session has expired" });
+      return;
+    }
+
+    await db.delete(sessionMessages).where(eq(sessionMessages.sessionId, id));
+
+    res.json({ cleared: true });
+  } catch (err) {
+    res.status(500).json({ error: err instanceof Error ? err.message : "Failed to clear history" });
+  }
+});
+
 export default router;
-- 
2.43.0