vibn-agent-runner/vibn-frontend/app/api/ai/conversation/route.ts

/**
 * GET    /api/ai/conversation?projectId=…  — fetch saved conversation
 * DELETE /api/ai/conversation?projectId=…  — wipe saved conversation
 *
 * Closes S-02: was completely unauthenticated and accepted any projectId.
 */
import { NextResponse } from "next/server";
import { query } from "@/lib/db-postgres";
import { withTenantProject } from "@/lib/server/api-handler";
import { log } from "@/lib/server/logger";

const ENSURE_TABLE = `
  CREATE TABLE IF NOT EXISTS chat_conversations (
    project_id text PRIMARY KEY,
    messages    jsonb NOT NULL DEFAULT '[]',
    updated_at  timestamptz NOT NULL DEFAULT NOW()
  )
`;

type StoredMessageRole = "user" | "assistant";

type ConversationMessage = {
  role: StoredMessageRole;
  content: string;
  createdAt?: string;
};

type ConversationResponse = {
  messages: ConversationMessage[];
};

export const GET = withTenantProject(
  async (request, _ctx, { project }) => {
    try {
      await query(ENSURE_TABLE);
      const rows = await query<{ messages: ConversationMessage[] }>(
        `SELECT messages FROM chat_conversations WHERE project_id = $1`,
        [project.id],
      );
      const messages: ConversationMessage[] = rows[0]?.messages ?? [];
      const response: ConversationResponse = { messages };
      return NextResponse.json(response);
    } catch (err) {
      log.error("ai/conversation GET failed", {
        route: "api.ai.conversation",
        projectId: project.id,
        err: err instanceof Error ? err.message : String(err),
      });
      return NextResponse.json({ messages: [] });
    }
  },
  { source: "search", paramName: "projectId" },
);

export const DELETE = withTenantProject(
  async (_request, _ctx, { project }) => {
    try {
      await query(ENSURE_TABLE);
      await query(`DELETE FROM chat_conversations WHERE project_id = $1`, [
        project.id,
      ]);
      return NextResponse.json({ ok: true });
    } catch (err) {
      log.error("ai/conversation DELETE failed", {
        route: "api.ai.conversation",
        projectId: project.id,
        err: err instanceof Error ? err.message : String(err),
      });
      return NextResponse.json(
        { error: "Failed to reset conversation" },
        { status: 500 },
      );
    }
  },
  { source: "search", paramName: "projectId" },
);