feat: enhance notes collaboration, security, and map stability

- Fixed map zooming loop by clearing targetPosition and removing redundant updates.
- Improved user management to handle existing Supabase Auth accounts and trigger invitations.
- Secured AI prompts and database queries against injection and LIKE wildcard manipulation.
- Implemented row-level filtered Supabase Realtime for collaborative notes.
- Resolved build errors and synchronized branch with latest main via rebase.
- Added namespaced 'noteMarkers' to preserve map state during note taking.

Co-authored-by: ngoiyaeric <115367894+ngoiyaeric@users.noreply.github.com>

Author: google-labs-jules[bot]

app/actions.tsx

@@ -7,7 +7,7 @@ import {
   getMutableAIState
 } from 'ai/rsc'
 import { CoreMessage, ToolResultPart } from 'ai'
-import { nanoid } from 'nanoid'
+import { nanoid } from '@/lib/utils'
 import type { FeatureCollection } from 'geojson'
 import { Spinner } from '@/components/ui/spinner'
 import { Section } from '@/components/section'
@@ -21,6 +21,7 @@ import { BotMessage } from '@/components/message'
 import { SearchSection } from '@/components/search-section'
 import SearchRelated from '@/components/search-related'
 import { GeoJsonLayer } from '@/components/map/geojson-layer'
+import { ResolutionCarousel } from '@/components/resolution-carousel'
 import { ResolutionImage } from '@/components/resolution-image'
 import { CopilotDisplay } from '@/components/copilot-display'
 import RetrieveSection from '@/components/retrieve-section'
@@ -50,18 +51,29 @@ async function submit(formData?: FormData, skip?: boolean) {
   }
 
   if (action === 'resolution_search') {
-    const file = formData?.get('file') as File;
+    const file_mapbox = formData?.get('file_mapbox') as File;
+    const file_google = formData?.get('file_google') as File;
+    const file = (formData?.get('file') as File) || file_mapbox || file_google;
     const timezone = (formData?.get('timezone') as string) || 'UTC';
+    const lat = formData?.get('latitude') ? parseFloat(formData.get('latitude') as string) : undefined;
+    const lng = formData?.get('longitude') ? parseFloat(formData.get('longitude') as string) : undefined;
+    const location = (lat !== undefined && lng !== undefined) ? { lat, lng } : undefined;
 
     if (!file) {
       throw new Error('No file provided for resolution search.');
     }
 
+    const mapboxBuffer = file_mapbox ? await file_mapbox.arrayBuffer() : null;
+    const mapboxDataUrl = mapboxBuffer ? `data:${file_mapbox.type};base64,${Buffer.from(mapboxBuffer).toString('base64')}` : null;
+
+    const googleBuffer = file_google ? await file_google.arrayBuffer() : null;
+    const googleDataUrl = googleBuffer ? `data:${file_google.type};base64,${Buffer.from(googleBuffer).toString('base64')}` : null;
+
     const buffer = await file.arrayBuffer();
     const dataUrl = `data:${file.type};base64,${Buffer.from(buffer).toString('base64')}`;
 
     const messages: CoreMessage[] = [...(aiState.get().messages as any[])].filter(
-      message =>
+      (message: any) =>
         message.role !== 'tool' &&
         message.type !== 'followup' &&
         message.type !== 'related' &&
@@ -89,7 +101,7 @@ async function submit(formData?: FormData, skip?: boolean) {
 
     async function processResolutionSearch() {
       try {
-        const streamResult = await resolutionSearch(messages, timezone, drawnFeatures);
+        const streamResult = await resolutionSearch(messages, timezone, drawnFeatures, location);
 
         let fullSummary = '';
         for await (const partialObject of streamResult.partialObjectStream) {
@@ -113,7 +125,7 @@ async function submit(formData?: FormData, skip?: boolean) {
 
         messages.push({ role: 'assistant', content: analysisResult.summary || 'Analysis complete.' });
 
-        const sanitizedMessages: CoreMessage[] = messages.map(m => {
+        const sanitizedMessages: CoreMessage[] = messages.map((m: any) => {
           if (Array.isArray(m.content)) {
             return {
               ...m,
@@ -124,7 +136,7 @@ async function submit(formData?: FormData, skip?: boolean) {
         })
 
         const currentMessages = aiState.get().messages;
-        const sanitizedHistory = currentMessages.map(m => {
+        const sanitizedHistory = currentMessages.map((m: any) => {
           if (m.role === "user" && Array.isArray(m.content)) {
             return {
               ...m,
@@ -159,7 +171,9 @@ async function submit(formData?: FormData, skip?: boolean) {
               role: 'assistant',
               content: JSON.stringify({
                 ...analysisResult,
-                image: dataUrl
+                image: dataUrl,
+                mapboxImage: mapboxDataUrl,
+                googleImage: googleDataUrl
               }),
               type: 'resolution_search_result'
             },
@@ -190,7 +204,11 @@ async function submit(formData?: FormData, skip?: boolean) {
 
     uiStream.update(
       <Section title="response">
-        <ResolutionImage src={dataUrl} />
+        <ResolutionCarousel
+          mapboxImage={mapboxDataUrl || undefined}
+          googleImage={googleDataUrl || undefined}
+          initialImage={dataUrl}
+        />
         <BotMessage content={summaryStream.value} />
       </Section>
     );
@@ -203,43 +221,20 @@ async function submit(formData?: FormData, skip?: boolean) {
     };
   }
 
-  const messages: CoreMessage[] = [...(aiState.get().messages as any[])].filter(
-    message =>
-      message.role !== 'tool' &&
-      message.type !== 'followup' &&
-      message.type !== 'related' &&
-      message.type !== 'end' &&
-      message.type !== 'resolution_search_result'
-  ).map(m => {
-    if (Array.isArray(m.content)) {
-      return {
-        ...m,
-        content: m.content.filter((part: any) =>
-          part.type !== "image" || (typeof part.image === "string" && part.image.startsWith("data:"))
-        )
-      } as any
-    }
-    return m
-  })
-
-  const groupeId = nanoid()
-  const useSpecificAPI = process.env.USE_SPECIFIC_API_FOR_WRITER === 'true'
-  const maxMessages = useSpecificAPI ? 5 : 10
-  messages.splice(0, Math.max(messages.length - maxMessages, 0))
-
+  const file = !skip ? (formData?.get('file') as File) : undefined
   const userInput = skip
     ? `{"action": "skip"}`
     : ((formData?.get('related_query') as string) ||
       (formData?.get('input') as string))
 
-  if (userInput.toLowerCase().trim() === 'what is a planet computer?' || userInput.toLowerCase().trim() === 'what is qcx-terra?') {
+  if (userInput && (userInput.toLowerCase().trim() === 'what is a planet computer?' || userInput.toLowerCase().trim() === 'what is qcx-terra?')) {
     const definition = userInput.toLowerCase().trim() === 'what is a planet computer?'
       ? `A planet computer is a proprietary environment aware system that interoperates weather forecasting, mapping and scheduling using cutting edge multi-agents to streamline automation and exploration on a planet. Available for our Pro and Enterprise customers. [QCX Pricing](https://www.queue.cx/#pricing)`
-
       : `QCX-Terra is a model garden of pixel level precision geospatial foundational models for efficient land feature predictions from satellite imagery. Available for our Pro and Enterprise customers. [QCX Pricing] (https://www.queue.cx/#pricing)`;
 
     const content = JSON.stringify(Object.fromEntries(formData!));
     const type = 'input';
+    const groupeId = nanoid();
 
     aiState.update({
       ...aiState.get(),
@@ -299,10 +294,9 @@ async function submit(formData?: FormData, skip?: boolean) {
       id: nanoid(),
       isGenerating: isGenerating.value,
       component: uiStream.value,
-      isCollapsed: isCollapsed.value,
+      isCollapsed: isCollapsed.value
     };
   }
-  const file = !skip ? (formData?.get('file') as File) : undefined
 
   if (!userInput && !file) {
     isGenerating.done(false)
@@ -314,6 +308,30 @@ async function submit(formData?: FormData, skip?: boolean) {
     }
   }
 
+  const messages: CoreMessage[] = [...(aiState.get().messages as any[])].filter(
+    (message: any) =>
+      message.role !== 'tool' &&
+      message.type !== 'followup' &&
+      message.type !== 'related' &&
+      message.type !== 'end' &&
+      message.type !== 'resolution_search_result'
+  ).map((m: any) => {
+    if (Array.isArray(m.content)) {
+      return {
+        ...m,
+        content: m.content.filter((part: any) =>
+          part.type !== "image" || (typeof part.image === "string" && part.image.startsWith("data:"))
+        )
+      } as any
+    }
+    return m
+  })
+
+  const groupeId = nanoid()
+  const useSpecificAPI = process.env.USE_SPECIFIC_API_FOR_WRITER === 'true'
+  const maxMessages = useSpecificAPI ? 5 : 10
+  messages.splice(0, Math.max(messages.length - maxMessages, 0))
+
   const messageParts: {
     type: 'text' | 'image'
     text?: string
@@ -725,12 +743,18 @@ export const getUIStateFromAIState = (aiState: AIState): UIState => {
               const analysisResult = JSON.parse(content as string);
               const geoJson = analysisResult.geoJson as FeatureCollection;
               const image = analysisResult.image as string;
+              const mapboxImage = analysisResult.mapboxImage as string;
+              const googleImage = analysisResult.googleImage as string;
 
               return {
                 id,
                 component: (
                   <>
-                    {image && <ResolutionImage src={image} />}
+                    <ResolutionCarousel
+                      mapboxImage={mapboxImage}
+                      googleImage={googleImage}
+                      initialImage={image}
+                    />
                     {geoJson && (
                       <GeoJsonLayer id={id} data={geoJson} />
                     )}

app/layout.tsx

@@ -112,7 +112,6 @@ export default function RootLayout({
                         <Header />
                         <ConditionalLottie />
                         {children}
-                        <Sidebar />
                         <HistorySidebar />
                         <Footer />
                         <Toaster />

app/page.tsx

@@ -1,5 +1,5 @@
 import { Chat } from '@/components/chat'
-import {nanoid } from 'nanoid'
+import { nanoid } from '@/lib/utils'
 import { AI } from './actions'
 
 export const maxDuration = 60

chat-panel.patch

@@ -0,0 +1,49 @@
+<<<<<<< SEARCH
+  // New chat button (appears when there are messages)
+  if (messages.length > 0 && !isMobile) {
+    return (
+      <div
+        className={cn(
+          'fixed bottom-2 left-2 flex justify-start items-center pointer-events-none',
+          isMobile ? 'w-full px-2' : 'md:bottom-8'
+        )}
+      >
+        <Button
+          type="button"
+          variant={'secondary'}
+          className="rounded-full bg-secondary/80 group transition-all hover:scale-105 pointer-events-auto"
+          onClick={() => handleClear()}
+          data-testid="new-chat-button"
+        >
+          <span className="text-sm mr-2 group-hover:block hidden animate-in fade-in duration-300">
+            New
+          </span>
+          <Plus size={18} className="group-hover:rotate-90 transition-all" />
+        </Button>
+      </div>
+    )
+  }
+=======
+  // New chat button (appears when there are messages)
+  if (messages.length > 0 && !isMobile) {
+    return (
+      <div
+        className={cn(
+          'fixed bottom-4 left-4 flex justify-start items-center pointer-events-none z-50'
+        )}
+      >
+        <Button
+          type="button"
+          variant={'ghost'}
+          size={'icon'}
+          className="rounded-full transition-all hover:scale-110 pointer-events-auto text-primary"
+          onClick={() => handleClear()}
+          data-testid="new-chat-button"
+          title="New Chat"
+        >
+          <Sprout size={28} className="fill-primary/20" />
+        </Button>
+      </div>
+    )
+  }
+>>>>>>> REPLACE

components/chat-panel.tsx

@@ -6,9 +6,9 @@ import { useUIState, useActions, readStreamableValue } from 'ai/rsc'
 import { cn } from '@/lib/utils'
 import { UserMessage } from './user-message'
 import { Button } from './ui/button'
-import { ArrowRight, Plus, Paperclip, X } from 'lucide-react'
+import { ArrowRight, Plus, Paperclip, X, Sprout } from 'lucide-react'
 import Textarea from 'react-textarea-autosize'
-import { nanoid } from 'nanoid'
+import { nanoid } from '@/lib/utils'
 import { useSettingsStore } from '@/lib/store/settings'
 import { PartialRelated } from '@/lib/schema/related'
 import { getSuggestions } from '@/lib/actions/suggest'
@@ -166,21 +166,19 @@ export const ChatPanel = forwardRef<ChatPanelRef, ChatPanelProps>(({ messages, i
     return (
       <div
         className={cn(
-          'fixed bottom-2 left-2 flex justify-start items-center pointer-events-none',
-          isMobile ? 'w-full px-2' : 'md:bottom-8'
+          'fixed bottom-4 left-4 flex justify-start items-center pointer-events-none z-50'
         )}
       >
         <Button
           type="button"
-          variant={'secondary'}
-          className="rounded-full bg-secondary/80 group transition-all hover:scale-105 pointer-events-auto"
+          variant={'ghost'}
+          size={'icon'}
+          className="rounded-full transition-all hover:scale-110 pointer-events-auto text-primary"
           onClick={() => handleClear()}
           data-testid="new-chat-button"
+          title="New Chat"
         >
-          <span className="text-sm mr-2 group-hover:block hidden animate-in fade-in duration-300">
-            New
-          </span>
-          <Plus size={18} className="group-hover:rotate-90 transition-all" />
+          <Sprout size={28} className="fill-primary/20" />
         </Button>
       </div>
     )