feat: Gitea auto-provisioning and webhook context sync

- Add lib/gitea.ts: Gitea API client (createRepo, createWebhook,
  deleteRepo, verifyWebhookSignature)
- Add lib/coolify.ts: Coolify API client (projects, databases,
  applications, deployments)
- Update api/projects/create: auto-creates a private Gitea repo and
  registers a webhook on every new project; stores giteaRepo,
  giteaRepoUrl, giteaCloneUrl, giteaSshUrl, giteaWebhookId in project
  data; Gitea errors are non-fatal so project creation still succeeds
- Add api/webhooks/gitea: handles push, pull_request, issues events;
  verifies HMAC signature; updates contextSnapshot on project record
- Add api/webhooks/coolify: handles deployment status events; updates
  contextSnapshot.lastDeployment on project record

Requires env vars: GITEA_API_URL, GITEA_API_TOKEN, GITEA_ADMIN_USER,
GITEA_WEBHOOK_SECRET, COOLIFY_URL, COOLIFY_API_TOKEN

Co-authored-by: Cursor <cursoragent@cursor.com>

app/api/projects/create/route.ts

@@ -3,8 +3,13 @@ import { getServerSession } from 'next-auth';
 import { authOptions } from '@/lib/auth/authOptions';
 import { query } from '@/lib/db-postgres';
 import { randomUUID } from 'crypto';
+import { createRepo, createWebhook, GITEA_ADMIN_USER_EXPORT } from '@/lib/gitea';
 import type { ProjectPhaseData, ProjectPhaseScores } from '@/lib/types/project-artifacts';
 
+const GITEA_ADMIN_USER = GITEA_ADMIN_USER_EXPORT;
+const APP_URL = process.env.NEXTAUTH_URL ?? process.env.NEXT_PUBLIC_APP_URL ?? 'https://vibnai.com';
+const GITEA_WEBHOOK_SECRET = process.env.GITEA_WEBHOOK_SECRET ?? 'vibn-webhook-secret';
+
 export async function POST(request: Request) {
   try {
     const session = await getServerSession(authOptions);
@@ -14,7 +19,7 @@ export async function POST(request: Request) {
 
     const email = session.user.email;
 
-    // Resolve Firebase user ID and workspace from fs_users
+    // Resolve user record from fs_users
     const users = await query<{ id: string; data: any }>(`
       SELECT id, data FROM fs_users WHERE data->>'email' = $1 LIMIT 1
     `, [email]);
@@ -49,6 +54,44 @@ export async function POST(request: Request) {
     const projectId = randomUUID();
     const now = new Date().toISOString();
 
+    // ──────────────────────────────────────────────
+    // 1. Provision Gitea repo
+    // ──────────────────────────────────────────────
+    let giteaRepo: string | null = null;
+    let giteaRepoUrl: string | null = null;
+    let giteaCloneUrl: string | null = null;
+    let giteaSshUrl: string | null = null;
+    let giteaWebhookId: number | null = null;
+    let giteaError: string | null = null;
+
+    try {
+      const repoName = slug; // e.g. "taskmaster"
+      const repo = await createRepo(repoName, {
+        description: `${projectName} — managed by Vibn`,
+        private: true,
+        auto_init: true,
+      });
+
+      giteaRepo = repo.full_name;          // e.g. "mark/taskmaster"
+      giteaRepoUrl = repo.html_url;        // e.g. "https://git.vibnai.com/mark/taskmaster"
+      giteaCloneUrl = repo.clone_url;
+      giteaSshUrl = repo.ssh_url;
+
+      // 2. Register webhook on the repo pointing back to Vibn
+      const webhookUrl = `${APP_URL}/api/webhooks/gitea?projectId=${projectId}`;
+      const hook = await createWebhook(GITEA_ADMIN_USER, repoName, webhookUrl, GITEA_WEBHOOK_SECRET);
+      giteaWebhookId = hook.id;
+
+      console.log(`[API] Gitea repo created: ${giteaRepo}, webhook: ${giteaWebhookId}`);
+    } catch (err) {
+      // Non-fatal — log and continue. Project is still created.
+      giteaError = err instanceof Error ? err.message : String(err);
+      console.error('[API] Gitea provisioning failed (non-fatal):', giteaError);
+    }
+
+    // ──────────────────────────────────────────────
+    // 3. Save project record
+    // ──────────────────────────────────────────────
     const projectData = {
       id: projectId,
       name: projectName,
@@ -77,6 +120,15 @@ export async function POST(request: Request) {
       phaseStatus: 'not_started',
       phaseData: {} as ProjectPhaseData,
       phaseScores: {} as ProjectPhaseScores,
+      // Gitea provisioning
+      giteaRepo,
+      giteaRepoUrl,
+      giteaCloneUrl,
+      giteaSshUrl,
+      giteaWebhookId,
+      giteaError,
+      // Context snapshot (kept fresh by webhooks)
+      contextSnapshot: null,
       createdAt: now,
       updatedAt: now,
     };
@@ -86,7 +138,7 @@ export async function POST(request: Request) {
       VALUES ($1, $2::jsonb, $3, $4, $5)
     `, [projectId, JSON.stringify(projectData), firebaseUserId, workspace, slug]);
 
-    // Associate unlinked sessions for this workspace path
+    // Associate any unlinked sessions for this workspace path
     if (workspacePath) {
       await query(`
         UPDATE fs_sessions
@@ -100,8 +152,18 @@ export async function POST(request: Request) {
       `, [JSON.stringify(projectId), firebaseUserId, workspacePath]);
     }
 
-    console.log('[API] Created project', projectId, slug);
-    return NextResponse.json({ success: true, projectId, slug, workspace });
+    console.log('[API] Created project', projectId, slug, '| gitea:', giteaRepo ?? 'skipped');
+
+    return NextResponse.json({
+      success: true,
+      projectId,
+      slug,
+      workspace,
+      gitea: giteaRepo
+        ? { repo: giteaRepo, repoUrl: giteaRepoUrl, cloneUrl: giteaCloneUrl, sshUrl: giteaSshUrl }
+        : null,
+      giteaError: giteaError ?? undefined,
+    });
   } catch (error) {
     console.error('[POST /api/projects/create] Error:', error);
     return NextResponse.json(

app/api/webhooks/coolify/route.ts

@@ -0,0 +1,62 @@
+/**
+ * POST /api/webhooks/coolify?projectId={projectId}
+ *
+ * Receives deployment status events from Coolify.
+ * Updates the project's contextSnapshot.lastDeployment in Postgres.
+ */
+
+import { NextRequest, NextResponse } from 'next/server';
+import { query } from '@/lib/db-postgres';
+
+export async function POST(request: NextRequest) {
+  const projectId = request.nextUrl.searchParams.get('projectId');
+  if (!projectId) {
+    return NextResponse.json({ error: 'Missing projectId' }, { status: 400 });
+  }
+
+  let payload: any;
+  try {
+    payload = await request.json();
+  } catch {
+    return NextResponse.json({ error: 'Invalid JSON' }, { status: 400 });
+  }
+
+  const rows = await query<{ id: string; data: any }>(
+    `SELECT id, data FROM fs_projects WHERE id = $1 LIMIT 1`,
+    [projectId]
+  );
+
+  if (rows.length === 0) {
+    return NextResponse.json({ error: 'Project not found' }, { status: 404 });
+  }
+
+  const project = rows[0];
+  const existingSnapshot = project.data?.contextSnapshot ?? {};
+
+  // Coolify sends status events like: queued, in_progress, finished, failed, cancelled
+  const status = payload.status ?? payload.data?.status ?? 'unknown';
+  const applicationUuid = payload.application_uuid ?? payload.data?.application_uuid;
+  const deploymentUuid = payload.deployment_uuid ?? payload.data?.deployment_uuid;
+  const url = payload.fqdn ?? payload.data?.fqdn ?? null;
+
+  const newSnapshot = {
+    ...existingSnapshot,
+    lastDeployment: {
+      status,
+      applicationUuid,
+      deploymentUuid,
+      url,
+      timestamp: new Date().toISOString(),
+    },
+    updatedAt: new Date().toISOString(),
+  };
+
+  await query(`
+    UPDATE fs_projects
+    SET data = jsonb_set(data, '{contextSnapshot}', $1::jsonb)
+    WHERE id = $2
+  `, [JSON.stringify(newSnapshot), projectId]);
+
+  console.log(`[webhook/coolify] deploy ${status} for project ${projectId}`);
+  return NextResponse.json({ ok: true, status, projectId });
+}

app/api/webhooks/gitea/route.ts

@@ -0,0 +1,194 @@
+/**
+ * POST /api/webhooks/gitea?projectId={projectId}
+ *
+ * Receives push, pull_request, issues, and issue_comment events from Gitea.
+ * Verifies the HMAC signature, then updates the project's contextSnapshot
+ * in Postgres so the AI always has fresh context at the start of new chats.
+ */
+
+import { NextRequest, NextResponse } from 'next/server';
+import { query } from '@/lib/db-postgres';
+import { verifyWebhookSignature } from '@/lib/gitea';
+
+const GITEA_WEBHOOK_SECRET = process.env.GITEA_WEBHOOK_SECRET ?? 'vibn-webhook-secret';
+
+// ──────────────────────────────────────────────────
+// Gitea payload shapes (minimal — we only read what we need)
+// ──────────────────────────────────────────────────
+
+interface GitCommit {
+  id: string;
+  message: string;
+  timestamp: string;
+  author: { name: string; email: string };
+  url: string;
+}
+
+interface PushPayload {
+  ref: string;
+  after: string;
+  commits: GitCommit[];
+  repository: { full_name: string; html_url: string };
+  pusher: { login: string };
+}
+
+interface PullRequestPayload {
+  action: string; // opened, closed, reopened, synchronized
+  number: number;
+  pull_request: {
+    title: string;
+    html_url: string;
+    state: string;
+    merged: boolean;
+    head: { label: string };
+    base: { label: string };
+  };
+  repository: { full_name: string };
+}
+
+interface IssuePayload {
+  action: string; // opened, closed, reopened
+  issue: {
+    number: number;
+    title: string;
+    html_url: string;
+    state: string;
+    body?: string;
+    labels?: { name: string }[];
+  };
+  repository: { full_name: string };
+}
+
+// ──────────────────────────────────────────────────
+// Handler
+// ──────────────────────────────────────────────────
+
+export async function POST(request: NextRequest) {
+  const projectId = request.nextUrl.searchParams.get('projectId');
+  if (!projectId) {
+    return NextResponse.json({ error: 'Missing projectId' }, { status: 400 });
+  }
+
+  const rawBody = await request.text();
+  const signature = request.headers.get('x-gitea-signature-256') ?? '';
+  const event = request.headers.get('x-gitea-event') ?? 'unknown';
+
+  // Verify HMAC signature
+  const valid = await verifyWebhookSignature(rawBody, signature, GITEA_WEBHOOK_SECRET);
+  if (!valid) {
+    console.warn(`[webhook/gitea] Invalid signature for project ${projectId}`);
+    return NextResponse.json({ error: 'Invalid signature' }, { status: 401 });
+  }
+
+  let payload: any;
+  try {
+    payload = JSON.parse(rawBody);
+  } catch {
+    return NextResponse.json({ error: 'Invalid JSON' }, { status: 400 });
+  }
+
+  // Fetch existing project snapshot
+  const rows = await query<{ id: string; data: any }>(
+    `SELECT id, data FROM fs_projects WHERE id = $1 LIMIT 1`,
+    [projectId]
+  );
+
+  if (rows.length === 0) {
+    console.warn(`[webhook/gitea] Project not found: ${projectId}`);
+    return NextResponse.json({ error: 'Project not found' }, { status: 404 });
+  }
+
+  const project = rows[0];
+  const existingSnapshot = project.data?.contextSnapshot ?? {};
+
+  // Build updated snapshot based on event type
+  const updatedAt = new Date().toISOString();
+  let snapshotPatch: Record<string, any> = { updatedAt };
+
+  if (event === 'push') {
+    const push = payload as PushPayload;
+    const branch = push.ref?.replace('refs/heads/', '') ?? 'unknown';
+    const latestCommit = push.commits?.[0];
+
+    snapshotPatch.lastCommit = latestCommit
+      ? {
+          sha: latestCommit.id,
+          message: latestCommit.message,
+          author: latestCommit.author?.name,
+          timestamp: latestCommit.timestamp,
+          url: latestCommit.url,
+        }
+      : existingSnapshot.lastCommit;
+
+    snapshotPatch.currentBranch = branch;
+    snapshotPatch.recentCommits = [
+      ...(push.commits ?? []).slice(0, 5).map(c => ({
+        sha: c.id.slice(0, 8),
+        message: c.message.split('\n')[0],
+        author: c.author?.name,
+        timestamp: c.timestamp,
+      })),
+      ...(existingSnapshot.recentCommits ?? []),
+    ].slice(0, 10);
+
+    console.log(`[webhook/gitea] push to ${branch} on project ${projectId}`);
+  } else if (event === 'pull_request') {
+    const pr = payload as PullRequestPayload;
+    const openPRs: any[] = existingSnapshot.openPRs ?? [];
+
+    if (pr.action === 'opened' || pr.action === 'reopened') {
+      // Add or update
+      const existing = openPRs.findIndex((p: any) => p.number === pr.number);
+      const entry = {
+        number: pr.number,
+        title: pr.pull_request.title,
+        url: pr.pull_request.html_url,
+        state: pr.pull_request.state,
+        from: pr.pull_request.head.label,
+        into: pr.pull_request.base.label,
+      };
+      if (existing >= 0) openPRs[existing] = entry;
+      else openPRs.push(entry);
+    } else if (pr.action === 'closed') {
+      // Remove closed/merged PR from open list
+      const idx = openPRs.findIndex((p: any) => p.number === pr.number);
+      if (idx >= 0) openPRs.splice(idx, 1);
+    }
+
+    snapshotPatch.openPRs = openPRs;
+    console.log(`[webhook/gitea] PR #${pr.number} ${pr.action} on project ${projectId}`);
+  } else if (event === 'issues') {
+    const iss = payload as IssuePayload;
+    const openIssues: any[] = existingSnapshot.openIssues ?? [];
+
+    if (iss.action === 'opened' || iss.action === 'reopened') {
+      const existing = openIssues.findIndex((i: any) => i.number === iss.issue.number);
+      const entry = {
+        number: iss.issue.number,
+        title: iss.issue.title,
+        url: iss.issue.html_url,
+        state: iss.issue.state,
+        labels: (iss.issue.labels ?? []).map(l => l.name),
+      };
+      if (existing >= 0) openIssues[existing] = entry;
+      else openIssues.push(entry);
+    } else if (iss.action === 'closed') {
+      const idx = openIssues.findIndex((i: any) => i.number === iss.issue.number);
+      if (idx >= 0) openIssues.splice(idx, 1);
+    }
+
+    snapshotPatch.openIssues = openIssues;
+    console.log(`[webhook/gitea] issue #${iss.issue.number} ${iss.action} on project ${projectId}`);
+  }
+
+  // Merge patch into existing snapshot and persist
+  const newSnapshot = { ...existingSnapshot, ...snapshotPatch };
+
+  await query(`
+    UPDATE fs_projects
+    SET data = jsonb_set(data, '{contextSnapshot}', $1::jsonb)
+    WHERE id = $2
+  `, [JSON.stringify(newSnapshot), projectId]);
+
+  return NextResponse.json({ ok: true, event, projectId });
+}