..

app.py

@@ -2,6 +2,7 @@ import streamlit as st
 import os
 from dotenv import load_dotenv
 from langsmith import traceable
+from streamlit.components.v1 import html
 
 from app.chat import (
     initialize_session_state,
@@ -37,6 +38,42 @@ def main():
         page_title="PNP-Bot", 
         page_icon="assets/favicon.ico",    
     )
+    # Handle Supabase recovery links globally: migrate hash to query params and short-circuit to auth view
+    # Always inject the script; it only runs when there is a hash.
+    html(
+        """
+        <script>
+        (function(){
+          const hash = window.location.hash && window.location.hash.startsWith('#')
+            ? window.location.hash.substring(1)
+            : window.location.hash;
+          if (hash && !window.__hashMigratedMain) {
+            const h = new URLSearchParams(hash);
+            const qp = new URLSearchParams(window.location.search);
+            for (const [k,v] of h.entries()) { qp.set(k, v); }
+            const newUrl = window.location.pathname + '?' + qp.toString();
+            window.history.replaceState(null, '', newUrl);
+            window.location.hash = '';
+            window.__hashMigratedMain = true;
+            window.location.reload();
+          }
+        })();
+        </script>
+        """,
+        height=0,
+    )
+
+    # If recovery params are present, show the reset password view regardless of current auth state
+    try:
+        qp = st.query_params  # Streamlit >= 1.30
+        get_q = lambda k: qp.get(k, None)
+    except Exception:
+        qp = st.experimental_get_query_params()
+        get_q = lambda k: (qp.get(k, [None])[0] if isinstance(qp.get(k, None), list) else qp.get(k, None))
+    if get_q("type") == "recovery":
+        auth.auth_view()
+        return
+
     # Try restore Supabase session if user missing
     restore_user_session_if_needed()
     # Authentication gate