User idle warning modal and auto logout (clear session) after configurable timeout value is hit #800

Open
chadpalmer wants to merge 32 commits into microsoft:Development from Xeelee33:feedback-user-timeout

@chadpalmer chadpalmer commented Mar 13, 2026

This pull request adds 1 new feature and 1 bug fix.

  1. Added customizable app admin settings that set the amount of idle time before the app auto logs users out of chat.
  2. The auto logout clears the session in chat, but does not sign the users out of their SSO accounts.
  3. One of the admin settings sets how long before the auto logout the warning dialog appears letting the users know that they will be logged out due to inactivity.
  4. You can set the auto logout for 2 minutes of inactivity and the warning dialog to 1 minute for easy testing in the local Docker setup, but the admin settings variables can (and should be) adjusted for production. (30 minute idle time and 28 minute warning dialog for example)
  5. The current setup allows the simple movement of the mouse pointer over the OIG Chat window to reset the idle timer and hide the warning dialog without the need to explicitly click the "Stay signed in" button.
  6. BUG FIX: Fixed bug where settings object was mutated in place and then compared to itself.

(NOTE: The code went through a lot of iterations implementing copilot's suggestions. The code iterations are documented in the docs/explanations/fixes section so you can see the reasoning behind the iterations.)

New warning modal window:
idle-warning-modal

Updated admin section:
admin-idle-timeout-settings

…ow horizontal scroll in response window while preserving access to drop down menus.
…s out of oig chat and clears app session after certain time of inactivity.
Merge Development into feedback-user-timeout
@chadpalmer (Author)

@microsoft-github-policy-service agree

@Bionic711 Bionic711 (Collaborator) left a comment

Update the defaults to False.

… added default values to admin settings and moved global config variables to config.py file.
Copilot AI review requested due to automatic review settings March 16, 2026 21:34
Copilot AI (Contributor) left a comment

Pull request overview

Adds an idle-session timeout feature (with warning modal + heartbeat) and fixes a settings deep-merge persistence bug, integrating new admin-configurable settings into both frontend and backend enforcement.

Changes:

  • Introduces server-side idle timeout enforcement plus a client-side warning modal/heartbeat flow driven by admin settings.
  • Adds admin settings fields + parsing hardening for idle timeout values.
  • Fixes get_settings() merge persistence by snapshotting pre-merge settings before comparing/upserting.

Reviewed changes

Copilot reviewed 20 out of 20 changed files in this pull request and generated 3 comments.

| File | Description |
| --- | --- |
| functional_tests/test_settings_deep_merge_persistence_fix.py | Adds AST-based functional regression coverage for the deep-merge persistence fix + version alignment. |
| functional_tests/test_idle_logout_timeout.py | Adds AST/marker-based functional coverage for idle-timeout wiring across backend, templates, and JS. |
| functional_tests/test_admin_settings_safe_int_fallback_fix.py | Adds functional coverage for hardened integer parsing and route wiring. |
| docs/explanation/release_notes.md | Documents v0.239.012 feature + bug fix in release notes and removes stray conflict artifacts. |
| docs/explanation/fixes/v0.239.012/SETTINGS_DEEP_MERGE_PERSISTENCE_FIX.md | Fix write-up for settings deep-merge persistence issue. |
| docs/explanation/fixes/v0.239.012/IDLE_SESSION_API_ACTIVITY_SEED_FIX.md | Fix write-up for initializing idle tracking for API-only traffic. |
| docs/explanation/fixes/v0.239.012/IDLE_HEARTBEAT_REAUTH_HANDLING_FIX.md | Fix write-up for heartbeat auth-failure handling/reauth sync. |
| docs/explanation/fixes/v0.239.012/IDLE_HEARTBEAT_INTERVAL_FIX.md | Fix write-up for dynamic heartbeat interval with short timeouts. |
| docs/explanation/fixes/v0.239.012/ADMIN_SETTINGS_SAFE_INT_FALLBACK_FIX.md | Fix write-up for safe_int fallback hardening and extraction. |
| application/single_app/templates/base.html | Injects idle-timeout config + warning modal markup and loads new JS when authenticated. |
| application/single_app/templates/admin_settings.html | Adds admin UI controls for enabling idle timeout and configuring warning/timeout minutes. |
| application/single_app/static/js/idle-logout-warning.js | Implements idle warning modal logic, timers, user-activity reset, and heartbeat refresh behavior. |
| application/single_app/static/js/admin/admin_settings.js | Toggles visibility of idle timeout settings section based on the new switch. |
| application/single_app/static/css/chats.css | Normalizes overflow styling/comment in .message-content. |
| application/single_app/route_frontend_authentication.py | Seeds/clears last_activity_epoch, adds /logout/local, and adjusts logout redirect scheme behavior. |
| application/single_app/route_frontend_admin_settings.py | Adds idle-timeout defaults, parses/sanitizes new form fields, and uses extracted int parsing helper. |
| application/single_app/functions_settings.py | Adds idle-timeout defaults, fixes merge persistence detection with deepcopy snapshot, adds cache update, adds optional include_source. |
| application/single_app/config.py | Bumps version, adds idle-timeout exempt path/prefix config, fixes indentation in favicon error handling. |
| application/single_app/app.py | Adds request-scoped settings resolution + source tracking, server-side idle timeout enforcement, and heartbeat endpoint. |
| application/single_app/admin_settings_int_utils.py | Adds shared safe_int/safe_int_with_source helpers for robust int parsing. |

Copilot AI (Contributor) left a comment

Pull request overview

Adds an idle-session timeout feature (server-enforced + client warning modal) driven by new admin settings, and fixes a settings persistence bug caused by in-place mutation during default deep-merge.

Changes:

  • Add configurable idle timeout + warning (admin settings + base template modal + client JS + server enforcement + heartbeat endpoint).
  • Fix get_settings() merge-persistence detection when deep_merge_dicts() mutates settings in place.
  • Add helper hardening for admin int parsing + add/extend functional tests + document in release notes/fix docs.

Reviewed changes

Copilot reviewed 20 out of 20 changed files in this pull request and generated 4 comments.

| File | Description |
| --- | --- |
| functional_tests/test_settings_deep_merge_persistence_fix.py | Regression coverage for settings deep-merge persistence fix via AST assertions + version alignment. |
| functional_tests/test_idle_logout_timeout.py | Regression coverage for idle-timeout wiring across backend, templates, JS, and admin settings. |
| functional_tests/test_admin_settings_safe_int_fallback_fix.py | Verifies integer parsing helper behavior + route wiring + version alignment. |
| docs/explanation/release_notes.md | Adds v0.239.012 release notes for idle timeout feature + settings merge fix; removes leftover conflict artifacts. |
| docs/explanation/fixes/v0.239.012/SETTINGS_DEEP_MERGE_PERSISTENCE_FIX.md | Fix write-up for settings merge persistence bug. |
| docs/explanation/fixes/v0.239.012/IDLE_SESSION_API_ACTIVITY_SEED_FIX.md | Documents API-path activity timestamp seeding behavior for idle-timeout enforcement. |
| docs/explanation/fixes/v0.239.012/IDLE_HEARTBEAT_REAUTH_HANDLING_FIX.md | Documents client heartbeat reauth/logout handling. |
| docs/explanation/fixes/v0.239.012/IDLE_HEARTBEAT_INTERVAL_FIX.md | Documents heartbeat interval behavior for short timeout configs. |
| docs/explanation/fixes/v0.239.012/ADMIN_SETTINGS_SAFE_INT_FALLBACK_FIX.md | Documents extracted safe int parsing helpers and admin route usage. |
| application/single_app/templates/base.html | Injects window.idleLogoutConfig, includes idle warning JS, and adds the warning modal markup. |
| application/single_app/templates/admin_settings.html | Adds admin toggle + inputs for idle timeout/warning minutes. |
| application/single_app/static/js/idle-logout-warning.js | Implements client idle detection, warning modal, countdown, heartbeat refresh, and logout redirect. |
| application/single_app/static/js/admin/admin_settings.js | Toggles visibility of idle-timeout settings section in admin UI. |
| application/single_app/static/css/chats.css | Adjusts overflow comment/formatting for .message-content. |
| application/single_app/route_frontend_authentication.py | Clears last_activity_epoch on login and sets it on auth; adds /logout/local; avoids forcing HTTPS scheme in logout redirect. |
| application/single_app/route_frontend_admin_settings.py | Adds idle-timeout defaults, parses/validates new fields, and persists them. |
| application/single_app/functions_settings.py | Adds idle-timeout defaults; fixes merge-change detection; adds cache update after upsert; adds optional include_source return. |
| application/single_app/config.py | Bumps version; adds idle-timeout exempt paths/prefixes; fixes indentation. |
| application/single_app/app.py | Adds request-scoped settings resolution + settings-source tracking; injects idle-timeout vars into templates; enforces idle timeout in before_request; adds heartbeat route. |
| application/single_app/admin_settings_int_utils.py | New helper module for safe integer parsing with source tracking. |

@chadpalmer chadpalmer requested a review from Copilot March 18, 2026 19:03
Copilot AI (Contributor) left a comment

Pull request overview

Adds an idle-session timeout feature (configurable via Admin Settings) that warns users with a modal before locally clearing the Flask session, plus fixes settings default-merge persistence by correctly detecting in-place mutations and persisting missing keys back to Cosmos.

Changes:

  • Add server-side idle timeout enforcement + /api/session/heartbeat, plus frontend warning modal + JS timer/heartbeat logic driven by admin-configured settings.
  • Fix get_settings() merge persistence by changing deep_merge_dicts() to return a “changed” flag and upserting/cache-updating only when defaults were actually added.
  • Add helper for robust admin int parsing and functional regression tests + release notes/fix docs for v0.239.012.

Reviewed changes

Copilot reviewed 20 out of 20 changed files in this pull request and generated 2 comments.

| File | Description |
| --- | --- |
| application/single_app/app.py | Implements request-scoped settings sourcing + idle timeout enforcement + heartbeat endpoint + template injection for idle timeout values. |
| application/single_app/config.py | Bumps version to 0.239.012 and introduces idle-timeout exempt path/prefix lists. |
| application/single_app/functions_settings.py | Adds idle timeout defaults; fixes merge persistence via “changed” flag + cache update; adds include_source support. |
| application/single_app/route_frontend_authentication.py | Clears/sets last_activity_epoch, adds /logout/local, and adjusts logout redirect URL handling. |
| application/single_app/route_frontend_admin_settings.py | Adds admin defaults and save-path parsing/validation for idle timeout settings using shared int parsing helper. |
| application/single_app/admin_settings_int_utils.py | New module providing safe_int / safe_int_with_source for resilient integer parsing. |
| application/single_app/templates/base.html | Injects window.idleLogoutConfig, loads idle warning JS, and adds the warning modal markup. |
| application/single_app/templates/admin_settings.html | Adds idle-timeout enable toggle + timeout/warning inputs with a collapsible section. |
| application/single_app/static/js/idle-logout-warning.js | New client-side idle timer, warning modal countdown, and heartbeat/reauth sync behavior. |
| application/single_app/static/js/admin/admin_settings.js | Shows/hides idle timeout settings section based on the toggle. |
| application/single_app/static/css/chats.css | Small comment/formatting adjustment for .message-content overflow. |
| functional_tests/test_idle_logout_timeout.py | Functional AST/marker checks covering server + template + JS wiring for idle timeout feature. |
| functional_tests/test_settings_deep_merge_persistence_fix.py | Functional AST/marker checks ensuring merge persistence logic stays wired and version-aligned. |
| functional_tests/test_admin_settings_safe_int_fallback_fix.py | Behavior + AST checks ensuring admin int parsing is resilient and routed through shared helper. |
| docs/explanation/release_notes.md | Adds v0.239.012 release notes entries (feature + merge persistence fix) and removes stray merge artifact. |
| docs/explanation/fixes/v0.239.012/* | Adds fix documentation for merge persistence and idle-timeout related hardening/behavior. |
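
The persistence bug described in the overview above (a settings object merged in place and then compared with itself) shown next to the two fixes the reviews mention: a deep-copy snapshot and a merge that returns a changed flag. This is an added example, not the PR's code; the function names, the setting keys and the dict standing in for the Cosmos container are assumptions.

```python
import copy

# Constructed sample data; the key names are assumptions, not the project's schema.
DEFAULTS = {
    "enable_idle_timeout": False,
    "idle_timeout_minutes": 30,
    "idle_warning_minutes": 28,
    "ui": {"theme": "light", "show_logo": True},
}


def stored_settings():
    """A settings document saved before the idle-timeout keys existed."""
    return {"id": "app_settings", "ui": {"theme": "dark"}}


def merge_in_place(defaults, target):
    """Add keys missing from target, recursing into nested dicts. Mutates target."""
    for key, value in defaults.items():
        if key not in target:
            target[key] = copy.deepcopy(value)
        elif isinstance(value, dict) and isinstance(target[key], dict):
            merge_in_place(value, target[key])
    return target


def needs_upsert_buggy(defaults, settings):
    """The bug: 'merged' and 'settings' are the same object, so they never differ."""
    merged = merge_in_place(defaults, settings)
    return merged != settings


def needs_upsert_snapshot(defaults, settings):
    """Fix 1: snapshot the stored document before merging, compare afterwards."""
    before = copy.deepcopy(settings)
    merge_in_place(defaults, settings)
    return settings != before


def merge_reporting_change(defaults, target):
    """Fix 2: the merge itself reports whether it added anything."""
    changed = False
    for key, value in defaults.items():
        if key not in target:
            target[key] = copy.deepcopy(value)
            changed = True
        elif isinstance(value, dict) and isinstance(target[key], dict):
            changed = merge_reporting_change(value, target[key]) or changed
    return changed


def load_settings(store, defaults):
    """Read, merge defaults, and write back only when a default was added.

    'store' is a plain dict standing in for the database container.
    Returns (settings, upserted).
    """
    settings = copy.deepcopy(store["app_settings"])
    upserted = merge_reporting_change(defaults, settings)
    if upserted:
        store["app_settings"] = copy.deepcopy(settings)
    return settings, upserted


if __name__ == "__main__":
    print("buggy check   :", needs_upsert_buggy(DEFAULTS, stored_settings()))
    print("snapshot check:", needs_upsert_snapshot(DEFAULTS, stored_settings()))
    store = {"app_settings": stored_settings()}
    print("first load    :", load_settings(store, DEFAULTS)[1])
    print("second load   :", load_settings(store, DEFAULTS)[1])
```

With the buggy check, new security-relevant defaults such as the idle-timeout keys exist only in memory and are never written back, so every read repeats the merge and the stored document stays out of date.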

@chadpalmer chadpalmer requested a review from Copilot March 18, 2026 20:21
Copilot AI (Contributor) left a comment

Pull request overview

Adds an admin-configurable idle session timeout feature (warning modal + local session clear) and fixes settings default merge persistence so newly introduced defaults get upserted back to Cosmos reliably.

Changes:

  • Implemented server-side idle timeout enforcement + /api/session/heartbeat, plus client-side warning modal/heartbeat/logout wiring.
  • Added admin settings UI + backend parsing/validation for idle timeout and warning minutes.
  • Fixed settings merge persistence detection by having the deep-merge routine report whether it changed the target, plus added functional tests + docs/release notes.

Reviewed changes

Copilot reviewed 20 out of 20 changed files in this pull request and generated 3 comments.

| File | Description |
| --- | --- |
| functional_tests/test_settings_deep_merge_persistence_fix.py | Regression coverage for settings merge persistence wiring/version alignment. |
| functional_tests/test_idle_logout_timeout.py | Coverage for backend idle enforcement + frontend modal/JS wiring via AST/marker checks. |
| functional_tests/test_admin_settings_safe_int_fallback_fix.py | Validates extracted int parsing helpers + route wiring and version alignment. |
| docs/explanation/release_notes.md | Adds v0.239.012 release notes for the new idle timeout feature + merge persistence fix. |
| docs/explanation/fixes/v0.239.012/SETTINGS_DEEP_MERGE_PERSISTENCE_FIX.md | Fix write-up for merge persistence behavior (needs alignment with current implementation). |
| docs/explanation/fixes/v0.239.012/IDLE_SESSION_API_ACTIVITY_SEED_FIX.md | Documents API-path activity seeding behavior for idle timeout enforcement. |
| docs/explanation/fixes/v0.239.012/IDLE_HEARTBEAT_REAUTH_HANDLING_FIX.md | Documents heartbeat reauth/logout handling expectations. |
| docs/explanation/fixes/v0.239.012/IDLE_HEARTBEAT_INTERVAL_FIX.md | Documents dynamic heartbeat interval behavior for short timeouts. |
| docs/explanation/fixes/v0.239.012/ADMIN_SETTINGS_SAFE_INT_FALLBACK_FIX.md | Documents safe int parsing hardening/extraction. |
| application/single_app/templates/base.html | Injects idle timeout config, loads JS, and adds the warning modal markup. |
| application/single_app/templates/admin_settings.html | Adds idle timeout toggle + timeout/warning inputs in admin settings UI. |
| application/single_app/static/js/idle-logout-warning.js | Client-side timer, warning modal, heartbeat throttling, and local logout behavior. |
| application/single_app/static/js/admin/admin_settings.js | Toggles idle-timeout settings section visibility when switch changes. |
| application/single_app/static/css/chats.css | Minor message overflow comment/update. |
| application/single_app/route_frontend_authentication.py | Adds /logout/local, clears/sets last_activity_epoch during auth flows, and hardens get_settings() usage. |
| application/single_app/route_frontend_admin_settings.py | Adds defaults + robust parsing/logging for idle timeout admin fields. |
| application/single_app/functions_settings.py | Adds idle timeout defaults, adds settings-source plumbing, fixes merge persistence detection, updates cache after upsert. |
| application/single_app/config.py | Bumps version to 0.239.012 and adds idle-timeout exempt path/prefix constants. |
| application/single_app/app.py | Adds request-scoped settings resolver, idle timeout enforcement, heartbeat route, and template injection variables. |
| application/single_app/admin_settings_int_utils.py | New shared helpers for safe integer parsing + parse-source reporting. |

@chadpalmer chadpalmer requested a review from Copilot March 18, 2026 20:58
Copilot AI (Contributor) left a comment

Pull request overview

Adds an idle-session timeout feature (server-enforced + client warning modal + admin-configurable settings) and fixes settings default merge persistence so newly added defaults are upserted back into Cosmos when missing.

Changes:

  • Add configurable idle timeout + warning (admin UI, base template wiring, client JS, server enforcement + heartbeat).
  • Fix get_settings() merge detection by making deep_merge_dicts() return a boolean changed flag and persisting merged defaults when needed.
  • Add functional regression tests + versioned fix documentation/release notes for v0.239.012.

Reviewed changes

Copilot reviewed 20 out of 20 changed files in this pull request and generated 2 comments.

| File | Description |
| --- | --- |
| functional_tests/test_settings_deep_merge_persistence_fix.py | AST-based functional regression coverage for merge persistence wiring + version marker check. |
| functional_tests/test_idle_logout_timeout.py | AST/marker-based functional coverage for backend timeout enforcement, template wiring, JS wiring, and admin settings wiring. |
| functional_tests/test_admin_settings_safe_int_fallback_fix.py | Behavior + AST wiring coverage for hardened admin integer parsing helper usage. |
| docs/explanation/release_notes.md | Adds v0.239.012 release notes entries for idle timeout feature + merge persistence fix. |
| docs/explanation/fixes/v0.239.012/SETTINGS_DEEP_MERGE_PERSISTENCE_FIX.md | Fix writeup for merge persistence bug. |
| docs/explanation/fixes/v0.239.012/IDLE_SESSION_API_ACTIVITY_SEED_FIX.md | Documents API-path last_activity_epoch seeding behavior. |
| docs/explanation/fixes/v0.239.012/IDLE_HEARTBEAT_REAUTH_HANDLING_FIX.md | Documents client heartbeat auth-failure handling. |
| docs/explanation/fixes/v0.239.012/IDLE_HEARTBEAT_INTERVAL_FIX.md | Documents dynamic heartbeat interval + first-heartbeat behavior. |
| docs/explanation/fixes/v0.239.012/ADMIN_SETTINGS_SAFE_INT_FALLBACK_FIX.md | Documents hardening of admin integer parsing fallback behavior. |
| application/single_app/templates/base.html | Injects window.idleLogoutConfig, loads idle JS, and adds warning modal markup for signed-in sessions. |
| application/single_app/templates/admin_settings.html | Adds admin toggle + numeric inputs for idle timeout/warning and ties them to the UI section. |
| application/single_app/static/js/idle-logout-warning.js | Implements client-side idle timers, warning modal, countdown, heartbeat refresh, and logout redirect logic. |
| application/single_app/static/js/admin/admin_settings.js | Adds UI toggle behavior to show/hide idle timeout settings section. |
| application/single_app/static/css/chats.css | Adjusts .message-content overflow comment (keeps overflow behavior). |
| application/single_app/route_frontend_authentication.py | Clears last_activity_epoch on login start, seeds it on auth, and adds /logout/local route for session-only logout. |
| application/single_app/route_frontend_admin_settings.py | Parses/persists new idle timeout settings; introduces shared integer parsing helper with diagnostics. |
| application/single_app/functions_settings.py | Adds idle timeout defaults; fixes merge persistence via changed-flag; adds include_source return mode and cache update on upsert. |
| application/single_app/config.py | Bumps version to 0.239.012; adds idle-timeout exempt path/prefix constants; fixes indentation. |
| application/single_app/app.py | Adds request-scoped settings resolution + source tracking; injects idle config into templates; adds idle timeout enforcement + heartbeat endpoint. |
| application/single_app/admin_settings_int_utils.py | New shared helper module for robust int parsing with source reporting. |

@chadpalmer chadpalmer requested a review from Copilot March 18, 2026 21:38
Copilot AI (Contributor) left a comment

Pull request overview

Adds an end-to-end idle-session timeout feature (admin-configurable warning + local session clear/logout) and fixes settings deep-merge persistence so newly added default keys are correctly written back to Cosmos DB.

Changes:

  • Implemented server-side idle timeout enforcement + /api/session/heartbeat refresh endpoint and client-side warning modal/countdown + logout wiring.
  • Added admin settings UI + save/validation plumbing for idle timeout/warning values (including hardened integer parsing helper).
  • Fixed get_settings() merge persistence behavior by making deep_merge_dicts() return a changed flag and updating cache after merge-upsert.

Reviewed changes

Copilot reviewed 20 out of 20 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| functional_tests/test_settings_deep_merge_persistence_fix.py | Regression coverage for deep-merge persistence wiring + version alignment. |
| functional_tests/test_idle_logout_timeout.py | Regression coverage for backend/JS/template/admin wiring of idle timeout feature. |
| functional_tests/test_admin_settings_safe_int_fallback_fix.py | Behavior + wiring coverage for extracted safe int parsing helpers. |
| docs/explanation/release_notes.md | Release notes entry for v0.239.012 covering feature + merge persistence fix. |
| docs/explanation/fixes/v0.239.012/SETTINGS_DEEP_MERGE_PERSISTENCE_FIX.md | Fix write-up and validation notes for merge persistence. |
| docs/explanation/fixes/v0.239.012/IDLE_SESSION_API_ACTIVITY_SEED_FIX.md | Documents API-path activity timestamp seeding behavior. |
| docs/explanation/fixes/v0.239.012/IDLE_HEARTBEAT_REAUTH_HANDLING_FIX.md | Documents heartbeat auth-failure handling behavior. |
| docs/explanation/fixes/v0.239.012/IDLE_HEARTBEAT_INTERVAL_FIX.md | Documents heartbeat interval tuning for short timeouts. |
| docs/explanation/fixes/v0.239.012/ADMIN_SETTINGS_SAFE_INT_FALLBACK_FIX.md | Documents safe-int hardening and extraction to utility module. |
| application/single_app/templates/base.html | Injects window.idleLogoutConfig, loads idle JS, and adds warning modal markup. |
| application/single_app/templates/admin_settings.html | Adds idle-timeout toggle + inputs and related help tooltip. |
| application/single_app/static/js/idle-logout-warning.js | Client-side idle detection, warning modal countdown, heartbeat, and local logout. |
| application/single_app/static/js/admin/admin_settings.js | Shows/hides the idle-timeout settings section based on toggle state. |
| application/single_app/static/css/chats.css | Minor comment/format cleanup for .message-content overflow rule. |
| application/single_app/route_frontend_authentication.py | Adds /logout/local route and seeds/clears last_activity_epoch in auth flows. |
| application/single_app/route_frontend_admin_settings.py | Persists idle timeout settings; routes now use extracted integer parsing helper. |
| application/single_app/functions_settings.py | Fixes merge persistence detection, adds idle timeout defaults, adds source-aware return option. |
| application/single_app/config.py | Bumps version to 0.239.012 and adds idle-timeout exempt path/prefix constants. |
| application/single_app/app.py | Adds request-scoped settings resolver, idle timeout enforcement hook, and heartbeat endpoint. |
| application/single_app/admin_settings_int_utils.py | New helper module for robust integer parsing with source diagnostics. |

@chadpalmer (Author)

@Bionic711 I implemented all of your changes as well as addressing issues raised by github copilot.

level=logging.WARNING
)

normalized_timeout = max(1, timeout_minutes)
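
Review bot: On the last line, `max(1, timeout_minutes)` raises any value below 1 to a one-minute timeout with no log entry or error visible in this hunk, so an out-of-range admin input silently becomes the shortest possible session lifetime. Pull the floor into a named constant, and either reject the value at save time or log the adjustment at WARNING level, as the call ending just above with `level=logging.WARNING` does for its own case.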

Collaborator

@paullizer Thoughts on setting the minimum for timeout to 10 minutes? If the admin mistakenly enables it, then sets it to 0 thinking it might disable it (instead of actually disabling it) there is an edge scenario with this that users will time out after 60 seconds.

Contributor

please update 1 > 10 so we have a min of 10 minutes always.

Author

Updated.

Comment on lines +503 to +514
if warning_minutes >= timeout_minutes:
previous_warning_minutes = warning_minutes
warning_minutes = max(0, timeout_minutes - 1)
log_event(
"Idle warning value adjusted to remain below idle timeout.",
extra={
"idle_timeout_minutes": timeout_minutes,
"original_idle_warning_minutes": previous_warning_minutes,
"adjusted_idle_warning_minutes": warning_minutes
},
level=logging.WARNING
)
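
Review bot: In `warning_minutes = max(0, timeout_minutes - 1)`, a `timeout_minutes` of 1 or less yields a warning value of 0, and nothing in this hunk says whether 0 means "no warning" or "warn immediately". The `>=` comparison also treats a warning equal to the timeout as invalid and rewrites it. State the meaning of 0 next to this branch, decide explicitly whether equality is allowed, and add a test for `timeout_minutes <= 1`.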

Collaborator

@paullizer This forces there to always be an idle timeout. Do we want an admin to be able to have a timeout, but disable a warning message?

Author

@Bionic711 @paullizer I hope you both had a great weekend. Do you have any updates on these issues? These would be simple changes if needed/desired. Thanks, and have a great week!

Contributor

Idle timeout should be an optional feature, with flexibility around both configuration and messaging. If enabled, users should be able to choose whether or not to display a message prior to timeout. When a message is used, it should be configurable in terms of timing, allowing it to be triggered anywhere from one minute up to the full timeout duration previously defined. Users should also have full control over the content of that message, so it can be tailored to their needs.

Author

@paullizer The idle timeout feature is already an optional feature that is disabled by default. I will add a custom message field and update the warning dialog display logic so that users can enter the same time into both the idle logout timeout and idle warning time fields which will prevent the warning dialog from popping up at all. I will also enforce the minimum 10 minute rule as well.

Author

@Bionic711 @paullizer I just uploaded the requested updates.

  1. Minimum of 10 minutes timeout value is now enforced.
  2. Setting warning dialog timeout value to same value as idle logout timeout disables warning dialog.
  3. Added admin setting field under user idle timeout section to allow a custom message in the warning dialog box.
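
The rules this thread settles on (a 10-minute floor on the timeout, and a warning value equal to the timeout meaning no dialog) together with a server-side expiry decision, as an added example that is not the PR's code. The function names, the default values, the reading of the warning value as minutes of idle time before the dialog appears, and the handling of a warning above the timeout are assumptions.

```python
MIN_IDLE_TIMEOUT_MINUTES = 10   # floor agreed in the review thread
DEFAULT_TIMEOUT_MINUTES = 30    # assumption: the PR description's example values
DEFAULT_WARNING_MINUTES = 28


def parse_minutes(raw, fallback):
    """Parse an admin form value; return (minutes, source)."""
    try:
        return int(str(raw).strip()), "form"
    except ValueError:
        return fallback, "fallback"


def normalize_idle_settings(enabled, timeout_raw, warning_raw):
    """Turn raw admin input into values the server can enforce.

    warning_minutes is read as minutes of idle time before the dialog appears
    (assumption). Every adjustment is recorded in 'notes' so it can be logged.
    """
    notes = []
    timeout, source = parse_minutes(timeout_raw, DEFAULT_TIMEOUT_MINUTES)
    if source == "fallback":
        notes.append("timeout not an integer, default used")
    if timeout < MIN_IDLE_TIMEOUT_MINUTES:
        notes.append(f"timeout raised from {timeout} to {MIN_IDLE_TIMEOUT_MINUTES}")
        timeout = MIN_IDLE_TIMEOUT_MINUTES

    warning, source = parse_minutes(warning_raw, DEFAULT_WARNING_MINUTES)
    if source == "fallback":
        notes.append("warning not an integer, default used")
    if warning < 1:
        notes.append(f"warning raised from {warning} to 1")
        warning = 1
    elif warning > timeout:
        # Assumption: keep a warning rather than silently disabling it.
        notes.append(f"warning lowered from {warning} to {timeout - 1}")
        warning = timeout - 1

    return {
        "enabled": bool(enabled),
        "timeout_minutes": timeout,
        "warning_minutes": warning,
        # Equal values mean the admin asked for a timeout without a dialog.
        "show_warning": warning < timeout,
        "notes": notes,
    }


def idle_state(last_activity_epoch, now_epoch, settings):
    """Server-side decision for one request: seed, active, warn or expired."""
    if not settings["enabled"]:
        return "active"
    if last_activity_epoch is None:
        return "seed"  # caller records now_epoch as the first activity
    idle_seconds = max(0, now_epoch - last_activity_epoch)  # ignore clock skew
    if idle_seconds >= settings["timeout_minutes"] * 60:
        return "expired"  # caller clears the local session
    if settings["show_warning"] and idle_seconds >= settings["warning_minutes"] * 60:
        return "warn"
    return "active"


if __name__ == "__main__":
    # Constructed inputs covering the cases raised in the thread.
    for raw in [("30", "28"), ("0", "0"), ("30", "30"), ("abc", "28"), ("30", "45")]:
        print(raw, normalize_idle_settings(True, *raw))
```

The expiry decision uses only the server's clock and the stored timestamp, so a client that never runs the warning script is still logged out at the timeout.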

Copilot AI review requested due to automatic review settings March 24, 2026 19:30
Copilot AI (Contributor) left a comment

Pull request overview

Adds an idle-session timeout feature (with a warning modal + configurable admin settings) and fixes settings deep-merge persistence so newly added default keys get upserted back to Cosmos and cache stays consistent.

Changes:

  • Add server-side idle timeout enforcement + /api/session/heartbeat and a client-side warning/countdown + local logout flow.
  • Add admin settings UI + route parsing for idle timeout/warning/message configuration.
  • Fix get_settings() deep-merge persistence logic by making deep_merge_dicts() return a “changed” flag and upserting on change; add functional tests + docs/release notes.

Reviewed changes

Copilot reviewed 20 out of 22 changed files in this pull request and generated 4 comments.

| File | Description |
| --- | --- |
| functional_tests/test_settings_deep_merge_persistence_fix.py | Functional regression test for deep-merge persistence wiring. |
| functional_tests/test_idle_logout_timeout.py | Functional wiring checks for idle timeout backend/frontend/admin settings integration. |
| functional_tests/test_admin_settings_safe_int_fallback_fix.py | Functional coverage for extracted safe-int parsing and route wiring. |
| docs/explanation/release_notes.md | Release notes entry for new idle timeout feature and merge persistence fix. |
| docs/explanation/fixes/v0.239.012/SETTINGS_DEEP_MERGE_PERSISTENCE_FIX.md | Fix documentation for merge persistence change. |
| docs/explanation/fixes/v0.239.012/IDLE_SESSION_API_ACTIVITY_SEED_FIX.md | Fix documentation for API activity timestamp seeding. |
| docs/explanation/fixes/v0.239.012/IDLE_HEARTBEAT_REAUTH_HANDLING_FIX.md | Fix documentation for heartbeat reauth handling. |
| docs/explanation/fixes/v0.239.012/IDLE_HEARTBEAT_INTERVAL_FIX.md | Fix documentation for heartbeat interval scaling. |
| docs/explanation/fixes/v0.239.012/ADMIN_SETTINGS_SAFE_INT_FALLBACK_FIX.md | Fix documentation for safe-int fallback hardening. |
| application/single_app/templates/base.html | Injects idle-timeout config + warning modal markup and loads idle warning JS for signed-in users. |
| application/single_app/templates/admin_settings.html | Adds idle timeout settings fields + toggle section in admin UI. |
| application/single_app/static/js/idle-logout-warning.js | Implements client-side timers, warning modal, countdown, and heartbeat-driven session refresh/logout behavior. |
| application/single_app/static/js/admin/admin_settings.js | Toggles the idle-timeout settings section visibility based on the switch. |
| application/single_app/static/images/custom_logo_dark.png | Adds/updates image asset. |
| application/single_app/static/images/custom_logo.png | Adds/updates image asset. |
| application/single_app/static/css/chats.css | Adjusts .message-content overflow comment (and preserves overflow behavior). |
| application/single_app/route_frontend_authentication.py | Adds local logout route and initializes/clears last_activity_epoch during auth flows. |
| application/single_app/route_frontend_admin_settings.py | Parses and persists idle timeout settings; introduces structured int parsing via helper. |
| application/single_app/functions_settings.py | Adds idle timeout defaults; fixes deep-merge change detection/persistence and adds settings-source logging + cache update on upsert. |
| application/single_app/config.py | Bumps VERSION; introduces idle-timeout exempt path/prefix lists; minor indentation fix. |
| application/single_app/app.py | Adds request-scoped settings helper, settings-source logging, idle timeout enforcement, and heartbeat endpoint; injects idle timeout vars into templates. |
| application/single_app/admin_settings_int_utils.py | New helper module for robust int parsing with source reporting. |

@paullizer paullizer self-requested a review March 27, 2026 01:17
@paullizer paullizer requested a review from Bionic711 March 27, 2026 09:43