Four review findings addressed:
- High: draft_template 'Run now, templatize after' DOES run the
script; applied_at table now stamps for both one_off and
draft_template. Only build_template (no run) skips the stamp.
- Medium: TemplateMatchPanel needs an explicit '✓ I ran this' button.
Generate/Copy don't commit to running. The new button is the stamp
moment for template-match fixes.
- Medium: get-or-create for inline script_builder_sessions —
POST /script-builder/sessions is now idempotent for
origin='pilot_inline' (returns the existing row for a
(user, ai_session_id) pair). Backed by a partial unique index:
UNIQUE (user_id, ai_session_id) WHERE origin = 'pilot_inline'
so remount doesn't create duplicates and draft continuity is
preserved.
- Medium: authorization — the create endpoint validates that any
provided ai_session_id is owned by the current user (same guard
other pilot endpoints use). Prevents cross-user attachment of
scratch sessions to arbitrary pilot sessions.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Michael Chihlas
75b59123e6