mark/vibn-frontend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: Gitea auto-provisioning and webhook context sync

Browse Source 
- Add lib/gitea.ts: Gitea API client (createRepo, createWebhook,
  deleteRepo, verifyWebhookSignature)
- Add lib/coolify.ts: Coolify API client (projects, databases,
  applications, deployments)
- Update api/projects/create: auto-creates a private Gitea repo and
  registers a webhook on every new project; stores giteaRepo,
  giteaRepoUrl, giteaCloneUrl, giteaSshUrl, giteaWebhookId in project
  data; Gitea errors are non-fatal so project creation still succeeds
- Add api/webhooks/gitea: handles push, pull_request, issues events;
  verifies HMAC signature; updates contextSnapshot on project record
- Add api/webhooks/coolify: handles deployment status events; updates
  contextSnapshot.lastDeployment on project record

Requires env vars: GITEA_API_URL, GITEA_API_TOKEN, GITEA_ADMIN_USER,
GITEA_WEBHOOK_SECRET, COOLIFY_URL, COOLIFY_API_TOKEN

Co-authored-by: Cursor <cursoragent@cursor.com>
This commit is contained in:
Mark Henderson
2026-02-18 14:48:46 -08:00
parent 1f13d4ef74
commit 373bcee8c1
5 changed files with 650 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

70
app/api/projects/create/route.ts
View File

@@ -3,8 +3,13 @@ import { getServerSession } from 'next-auth';
import { authOptions } from '@/lib/auth/authOptions'; import { authOptions } from '@/lib/auth/authOptions';
import { query } from '@/lib/db-postgres'; import { query } from '@/lib/db-postgres';
import { randomUUID } from 'crypto'; import { randomUUID } from 'crypto';
import { createRepo, createWebhook, GITEA_ADMIN_USER_EXPORT } from '@/lib/gitea';
import type { ProjectPhaseData, ProjectPhaseScores } from '@/lib/types/project-artifacts'; import type { ProjectPhaseData, ProjectPhaseScores } from '@/lib/types/project-artifacts';
const GITEA_ADMIN_USER = GITEA_ADMIN_USER_EXPORT;
const APP_URL = process.env.NEXTAUTH_URL ?? process.env.NEXT_PUBLIC_APP_URL ?? 'https://vibnai.com';
const GITEA_WEBHOOK_SECRET = process.env.GITEA_WEBHOOK_SECRET ?? 'vibn-webhook-secret';
export async function POST(request: Request) { export async function POST(request: Request) {
try { try {
const session = await getServerSession(authOptions); const session = await getServerSession(authOptions);
@@ -14,7 +19,7 @@ export async function POST(request: Request) {
const email = session.user.email; const email = session.user.email;
// Resolve Firebase user ID and workspace from fs_users // Resolve user record from fs_users
const users = await query<{ id: string; data: any }>(` const users = await query<{ id: string; data: any }>(`
SELECT id, data FROM fs_users WHERE data->>'email' = $1 LIMIT 1 SELECT id, data FROM fs_users WHERE data->>'email' = $1 LIMIT 1
`, [email]); `, [email]);
@@ -49,6 +54,44 @@ export async function POST(request: Request) {
const projectId = randomUUID(); const projectId = randomUUID();
const now = new Date().toISOString(); const now = new Date().toISOString();
// ──────────────────────────────────────────────
// 1. Provision Gitea repo
// ──────────────────────────────────────────────
let giteaRepo: string | null = null;
let giteaRepoUrl: string | null = null;
let giteaCloneUrl: string | null = null;
let giteaSshUrl: string | null = null;
let giteaWebhookId: number | null = null;
let giteaError: string | null = null;
try {
const repoName = slug; // e.g. "taskmaster"
const repo = await createRepo(repoName, {
description: `${projectName} — managed by Vibn`,
private: true,
auto_init: true,
});
giteaRepo = repo.full_name; // e.g. "mark/taskmaster"
giteaRepoUrl = repo.html_url; // e.g. "https://git.vibnai.com/mark/taskmaster"
giteaCloneUrl = repo.clone_url;
giteaSshUrl = repo.ssh_url;
// 2. Register webhook on the repo pointing back to Vibn
const webhookUrl = `${APP_URL}/api/webhooks/gitea?projectId=${projectId}`;
const hook = await createWebhook(GITEA_ADMIN_USER, repoName, webhookUrl, GITEA_WEBHOOK_SECRET);
giteaWebhookId = hook.id;
console.log(`[API] Gitea repo created: ${giteaRepo}, webhook: ${giteaWebhookId}`);
} catch (err) {
// Non-fatal — log and continue. Project is still created.
giteaError = err instanceof Error ? err.message : String(err);
console.error('[API] Gitea provisioning failed (non-fatal):', giteaError);
}
// ──────────────────────────────────────────────
// 3. Save project record
// ──────────────────────────────────────────────
const projectData = { const projectData = {
id: projectId, id: projectId,
name: projectName, name: projectName,
@@ -77,6 +120,15 @@ export async function POST(request: Request) {
phaseStatus: 'not_started', phaseStatus: 'not_started',
phaseData: {} as ProjectPhaseData, phaseData: {} as ProjectPhaseData,
phaseScores: {} as ProjectPhaseScores, phaseScores: {} as ProjectPhaseScores,
// Gitea provisioning
giteaRepo,
giteaRepoUrl,
giteaCloneUrl,
giteaSshUrl,
giteaWebhookId,
giteaError,
// Context snapshot (kept fresh by webhooks)
contextSnapshot: null,
createdAt: now, createdAt: now,
updatedAt: now, updatedAt: now,
}; };
@@ -86,7 +138,7 @@ export async function POST(request: Request) {
VALUES ($1, $2::jsonb, $3, $4, $5) VALUES ($1, $2::jsonb, $3, $4, $5)
`, [projectId, JSON.stringify(projectData), firebaseUserId, workspace, slug]); `, [projectId, JSON.stringify(projectData), firebaseUserId, workspace, slug]);
// Associate unlinked sessions for this workspace path // Associate any unlinked sessions for this workspace path
if (workspacePath) { if (workspacePath) {
await query(` await query(`
UPDATE fs_sessions UPDATE fs_sessions
@@ -100,8 +152,18 @@ export async function POST(request: Request) {
`, [JSON.stringify(projectId), firebaseUserId, workspacePath]); `, [JSON.stringify(projectId), firebaseUserId, workspacePath]);
} }
console.log('[API] Created project', projectId, slug); console.log('[API] Created project', projectId, slug, '| gitea:', giteaRepo ?? 'skipped');
return NextResponse.json({ success: true, projectId, slug, workspace });
return NextResponse.json({
success: true,
projectId,
slug,
workspace,
gitea: giteaRepo
? { repo: giteaRepo, repoUrl: giteaRepoUrl, cloneUrl: giteaCloneUrl, sshUrl: giteaSshUrl }
: null,
giteaError: giteaError ?? undefined,
});
} catch (error) { } catch (error) {
console.error('[POST /api/projects/create] Error:', error); console.error('[POST /api/projects/create] Error:', error);
return NextResponse.json( return NextResponse.json(

62
app/api/webhooks/coolify/route.ts Normal file
View File

@@ -0,0 +1,62 @@
/**
* POST /api/webhooks/coolify?projectId={projectId}
*
* Receives deployment status events from Coolify.
* Updates the project's contextSnapshot.lastDeployment in Postgres.
*/
import { NextRequest, NextResponse } from 'next/server';
import { query } from '@/lib/db-postgres';
export async function POST(request: NextRequest) {
const projectId = request.nextUrl.searchParams.get('projectId');
if (!projectId) {
return NextResponse.json({ error: 'Missing projectId' }, { status: 400 });
}
let payload: any;
try {
payload = await request.json();
} catch {
return NextResponse.json({ error: 'Invalid JSON' }, { status: 400 });
}
const rows = await query<{ id: string; data: any }>(
`SELECT id, data FROM fs_projects WHERE id = $1 LIMIT 1`,
[projectId]
);
if (rows.length === 0) {
return NextResponse.json({ error: 'Project not found' }, { status: 404 });
}
const project = rows[0];
const existingSnapshot = project.data?.contextSnapshot ?? {};
// Coolify sends status events like: queued, in_progress, finished, failed, cancelled
const status = payload.status ?? payload.data?.status ?? 'unknown';
const applicationUuid = payload.application_uuid ?? payload.data?.application_uuid;
const deploymentUuid = payload.deployment_uuid ?? payload.data?.deployment_uuid;
const url = payload.fqdn ?? payload.data?.fqdn ?? null;
const newSnapshot = {
...existingSnapshot,
lastDeployment: {
status,
applicationUuid,
deploymentUuid,
url,
timestamp: new Date().toISOString(),
},
updatedAt: new Date().toISOString(),
};
await query(`
UPDATE fs_projects
SET data = jsonb_set(data, '{contextSnapshot}', $1::jsonb)
WHERE id = $2
`, [JSON.stringify(newSnapshot), projectId]);
console.log(`[webhook/coolify] deploy ${status} for project ${projectId}`);
return NextResponse.json({ ok: true, status, projectId });
}

194
app/api/webhooks/gitea/route.ts Normal file
View File

@@ -0,0 +1,194 @@
/**
* POST /api/webhooks/gitea?projectId={projectId}
*
* Receives push, pull_request, issues, and issue_comment events from Gitea.
* Verifies the HMAC signature, then updates the project's contextSnapshot
* in Postgres so the AI always has fresh context at the start of new chats.
*/
import { NextRequest, NextResponse } from 'next/server';
import { query } from '@/lib/db-postgres';
import { verifyWebhookSignature } from '@/lib/gitea';
const GITEA_WEBHOOK_SECRET = process.env.GITEA_WEBHOOK_SECRET ?? 'vibn-webhook-secret';
// ──────────────────────────────────────────────────
// Gitea payload shapes (minimal — we only read what we need)
// ──────────────────────────────────────────────────
interface GitCommit {
id: string;
message: string;
timestamp: string;
author: { name: string; email: string };
url: string;
}
interface PushPayload {
ref: string;
after: string;
commits: GitCommit[];
repository: { full_name: string; html_url: string };
pusher: { login: string };
}
interface PullRequestPayload {
action: string; // opened, closed, reopened, synchronized
number: number;
pull_request: {
title: string;
html_url: string;
state: string;
merged: boolean;
head: { label: string };
base: { label: string };
};
repository: { full_name: string };
}
interface IssuePayload {
action: string; // opened, closed, reopened
issue: {
number: number;
title: string;
html_url: string;
state: string;
body?: string;
labels?: { name: string }[];
};
repository: { full_name: string };
}
// ──────────────────────────────────────────────────
// Handler
// ──────────────────────────────────────────────────
export async function POST(request: NextRequest) {
const projectId = request.nextUrl.searchParams.get('projectId');
if (!projectId) {
return NextResponse.json({ error: 'Missing projectId' }, { status: 400 });
}
const rawBody = await request.text();
const signature = request.headers.get('x-gitea-signature-256') ?? '';
const event = request.headers.get('x-gitea-event') ?? 'unknown';
// Verify HMAC signature
const valid = await verifyWebhookSignature(rawBody, signature, GITEA_WEBHOOK_SECRET);
if (!valid) {
console.warn(`[webhook/gitea] Invalid signature for project ${projectId}`);
return NextResponse.json({ error: 'Invalid signature' }, { status: 401 });
}
let payload: any;
try {
payload = JSON.parse(rawBody);
} catch {
return NextResponse.json({ error: 'Invalid JSON' }, { status: 400 });
}
// Fetch existing project snapshot
const rows = await query<{ id: string; data: any }>(
`SELECT id, data FROM fs_projects WHERE id = $1 LIMIT 1`,
[projectId]
);
if (rows.length === 0) {
console.warn(`[webhook/gitea] Project not found: ${projectId}`);
return NextResponse.json({ error: 'Project not found' }, { status: 404 });
}
const project = rows[0];
const existingSnapshot = project.data?.contextSnapshot ?? {};
// Build updated snapshot based on event type
const updatedAt = new Date().toISOString();
let snapshotPatch: Record<string, any> = { updatedAt };
if (event === 'push') {
const push = payload as PushPayload;
const branch = push.ref?.replace('refs/heads/', '') ?? 'unknown';
const latestCommit = push.commits?.[0];
snapshotPatch.lastCommit = latestCommit
? {
sha: latestCommit.id,
message: latestCommit.message,
author: latestCommit.author?.name,
timestamp: latestCommit.timestamp,
url: latestCommit.url,
}
: existingSnapshot.lastCommit;
snapshotPatch.currentBranch = branch;
snapshotPatch.recentCommits = [
...(push.commits ?? []).slice(0, 5).map(c => ({
sha: c.id.slice(0, 8),
message: c.message.split('\n')[0],
author: c.author?.name,
timestamp: c.timestamp,
})),
...(existingSnapshot.recentCommits ?? []),
].slice(0, 10);
console.log(`[webhook/gitea] push to ${branch} on project ${projectId}`);
} else if (event === 'pull_request') {
const pr = payload as PullRequestPayload;
const openPRs: any[] = existingSnapshot.openPRs ?? [];
if (pr.action === 'opened' || pr.action === 'reopened') {
// Add or update
const existing = openPRs.findIndex((p: any) => p.number === pr.number);
const entry = {
number: pr.number,
title: pr.pull_request.title,
url: pr.pull_request.html_url,
state: pr.pull_request.state,
from: pr.pull_request.head.label,
into: pr.pull_request.base.label,
};
if (existing >= 0) openPRs[existing] = entry;
else openPRs.push(entry);
} else if (pr.action === 'closed') {
// Remove closed/merged PR from open list
const idx = openPRs.findIndex((p: any) => p.number === pr.number);
if (idx >= 0) openPRs.splice(idx, 1);
}
snapshotPatch.openPRs = openPRs;
console.log(`[webhook/gitea] PR #${pr.number} ${pr.action} on project ${projectId}`);
} else if (event === 'issues') {
const iss = payload as IssuePayload;
const openIssues: any[] = existingSnapshot.openIssues ?? [];
if (iss.action === 'opened' || iss.action === 'reopened') {
const existing = openIssues.findIndex((i: any) => i.number === iss.issue.number);
const entry = {
number: iss.issue.number,
title: iss.issue.title,
url: iss.issue.html_url,
state: iss.issue.state,
labels: (iss.issue.labels ?? []).map(l => l.name),
};
if (existing >= 0) openIssues[existing] = entry;
else openIssues.push(entry);
} else if (iss.action === 'closed') {
const idx = openIssues.findIndex((i: any) => i.number === iss.issue.number);
if (idx >= 0) openIssues.splice(idx, 1);
}
snapshotPatch.openIssues = openIssues;
console.log(`[webhook/gitea] issue #${iss.issue.number} ${iss.action} on project ${projectId}`);
}
// Merge patch into existing snapshot and persist
const newSnapshot = { ...existingSnapshot, ...snapshotPatch };
await query(`
UPDATE fs_projects
SET data = jsonb_set(data, '{contextSnapshot}', $1::jsonb)
WHERE id = $2
`, [JSON.stringify(newSnapshot), projectId]);
return NextResponse.json({ ok: true, event, projectId });
}

162
lib/coolify.ts Normal file
View File

@@ -0,0 +1,162 @@
/**
* Coolify API client for Vibn project provisioning.
*
* Used server-side only. Credentials from env vars:
* COOLIFY_URL — e.g. http://34.19.250.135:8000
* COOLIFY_API_TOKEN — admin bearer token
*/
const COOLIFY_URL = process.env.COOLIFY_URL ?? 'http://34.19.250.135:8000';
const COOLIFY_API_TOKEN = process.env.COOLIFY_API_TOKEN ?? '';
export interface CoolifyProject {
uuid: string;
name: string;
description?: string;
}
export interface CoolifyDatabase {
uuid: string;
name: string;
type: string;
status: string;
internal_db_url?: string;
external_db_url?: string;
}
export interface CoolifyApplication {
uuid: string;
name: string;
status: string;
fqdn?: string;
git_repository?: string;
git_branch?: string;
}
async function coolifyFetch(path: string, options: RequestInit = {}) {
const url = `${COOLIFY_URL}/api/v1${path}`;
const res = await fetch(url, {
...options,
headers: {
'Content-Type': 'application/json',
Authorization: `Bearer ${COOLIFY_API_TOKEN}`,
...(options.headers ?? {}),
},
});
if (!res.ok) {
const text = await res.text();
throw new Error(`Coolify API error ${res.status} on ${path}: ${text}`);
}
if (res.status === 204) return null;
return res.json();
}
// ──────────────────────────────────────────────────
// Projects
// ──────────────────────────────────────────────────
export async function listProjects(): Promise<CoolifyProject[]> {
return coolifyFetch('/projects');
}
export async function createProject(name: string, description?: string): Promise<CoolifyProject> {
return coolifyFetch('/projects', {
method: 'POST',
body: JSON.stringify({ name, description }),
});
}
export async function getProject(uuid: string): Promise<CoolifyProject> {
return coolifyFetch(`/projects/${uuid}`);
}
export async function deleteProject(uuid: string): Promise<void> {
await coolifyFetch(`/projects/${uuid}`, { method: 'DELETE' });
}
// ──────────────────────────────────────────────────
// Databases
// ──────────────────────────────────────────────────
type DBType = 'postgresql' | 'mysql' | 'mariadb' | 'redis' | 'mongodb' | 'keydb';
export async function createDatabase(opts: {
projectUuid: string;
name: string;
type: DBType;
serverUuid?: string;
environmentName?: string;
}): Promise<CoolifyDatabase> {
const { projectUuid, name, type, serverUuid = '0', environmentName = 'production' } = opts;
return coolifyFetch(`/databases`, {
method: 'POST',
body: JSON.stringify({
project_uuid: projectUuid,
name,
type,
server_uuid: serverUuid,
environment_name: environmentName,
}),
});
}
export async function getDatabase(uuid: string): Promise<CoolifyDatabase> {
return coolifyFetch(`/databases/${uuid}`);
}
export async function deleteDatabase(uuid: string): Promise<void> {
await coolifyFetch(`/databases/${uuid}`, { method: 'DELETE' });
}
// ──────────────────────────────────────────────────
// Applications
// ──────────────────────────────────────────────────
export async function createApplication(opts: {
projectUuid: string;
name: string;
gitRepo: string; // e.g. "https://git.vibnai.com/mark/taskmaster.git"
gitBranch?: string;
serverUuid?: string;
environmentName?: string;
buildPack?: string; // nixpacks, static, dockerfile
ports?: string; // e.g. "3000"
}): Promise<CoolifyApplication> {
const {
projectUuid, name, gitRepo,
gitBranch = 'main',
serverUuid = '0',
environmentName = 'production',
buildPack = 'nixpacks',
ports = '3000',
} = opts;
return coolifyFetch(`/applications`, {
method: 'POST',
body: JSON.stringify({
project_uuid: projectUuid,
name,
git_repository: gitRepo,
git_branch: gitBranch,
server_uuid: serverUuid,
environment_name: environmentName,
build_pack: buildPack,
ports_exposes: ports,
}),
});
}
export async function deployApplication(uuid: string): Promise<{ deployment_uuid: string }> {
return coolifyFetch(`/applications/${uuid}/deploy`, { method: 'POST' });
}
export async function getApplication(uuid: string): Promise<CoolifyApplication> {
return coolifyFetch(`/applications/${uuid}`);
}
export async function getDeploymentLogs(deploymentUuid: string): Promise<{ logs: string }> {
return coolifyFetch(`/deployments/${deploymentUuid}/logs`);
}

166
lib/gitea.ts Normal file
View File

@@ -0,0 +1,166 @@
/**
* Gitea API client for Vibn project provisioning.
*
* Used server-side only. Credentials come from env vars:
* GITEA_API_URL — e.g. https://git.vibnai.com
* GITEA_API_TOKEN — admin token
* GITEA_ADMIN_USER — default owner for repos (e.g. "mark")
*/
const GITEA_API_URL = process.env.GITEA_API_URL ?? 'https://git.vibnai.com';
const GITEA_API_TOKEN = process.env.GITEA_API_TOKEN ?? '';
const GITEA_ADMIN_USER = process.env.GITEA_ADMIN_USER ?? 'mark';
export interface GiteaRepo {
id: number;
name: string;
full_name: string;
html_url: string;
clone_url: string;
ssh_url: string;
private: boolean;
default_branch: string;
}
export interface GiteaWebhook {
id: number;
type: string;
active: boolean;
config: {
url: string;
content_type: string;
secret?: string;
};
}
async function giteaFetch(path: string, options: RequestInit = {}) {
const url = `${GITEA_API_URL}/api/v1${path}`;
const res = await fetch(url, {
...options,
headers: {
'Content-Type': 'application/json',
Authorization: `token ${GITEA_API_TOKEN}`,
...(options.headers ?? {}),
},
});
if (!res.ok) {
const text = await res.text();
throw new Error(`Gitea API error ${res.status} on ${path}: ${text}`);
}
if (res.status === 204) return null;
return res.json();
}
/**
* Create a new repo under the admin user (or a specified owner).
*/
export async function createRepo(
name: string,
opts: { description?: string; private?: boolean; owner?: string; auto_init?: boolean } = {}
): Promise<GiteaRepo> {
const { description = '', private: isPrivate = true, owner = GITEA_ADMIN_USER, auto_init = true } = opts;
return giteaFetch(`/user/repos`, {
method: 'POST',
body: JSON.stringify({
name,
description,
private: isPrivate,
auto_init,
default_branch: 'main',
}),
});
}
/**
* Get an existing repo.
*/
export async function getRepo(owner: string, repo: string): Promise<GiteaRepo | null> {
try {
return await giteaFetch(`/repos/${owner}/${repo}`);
} catch {
return null;
}
}
/**
* Delete a repo (used for project cleanup).
*/
export async function deleteRepo(owner: string, repo: string): Promise<void> {
await giteaFetch(`/repos/${owner}/${repo}`, { method: 'DELETE' });
}
/**
* Register a webhook on a repo that fires on push, PR, and issue events.
*
* @param owner Repo owner (user or org)
* @param repo Repo name
* @param webhookUrl Target URL — should include projectId as query param
* @param secret Shared secret for payload signature verification
*/
export async function createWebhook(
owner: string,
repo: string,
webhookUrl: string,
secret: string
): Promise<GiteaWebhook> {
return giteaFetch(`/repos/${owner}/${repo}/hooks`, {
method: 'POST',
body: JSON.stringify({
type: 'gitea',
active: true,
events: ['push', 'pull_request', 'issues', 'issue_comment'],
config: {
url: webhookUrl,
content_type: 'json',
secret,
},
}),
});
}
/**
* List webhooks on a repo.
*/
export async function listWebhooks(owner: string, repo: string): Promise<GiteaWebhook[]> {
return giteaFetch(`/repos/${owner}/${repo}/hooks`);
}
/**
* Delete a webhook.
*/
export async function deleteWebhook(owner: string, repo: string, hookId: number): Promise<void> {
await giteaFetch(`/repos/${owner}/${repo}/hooks/${hookId}`, { method: 'DELETE' });
}
/**
* Verify the X-Gitea-Signature-256 header on an incoming webhook payload.
* Returns true if the signature matches.
*/
export async function verifyWebhookSignature(
body: string,
signature: string,
secret: string
): Promise<boolean> {
if (!signature?.startsWith('sha256=')) return false;
const encoder = new TextEncoder();
const key = await crypto.subtle.importKey(
'raw',
encoder.encode(secret),
{ name: 'HMAC', hash: 'SHA-256' },
false,
['sign']
);
const sigBytes = await crypto.subtle.sign('HMAC', key, encoder.encode(body));
const expected = 'sha256=' + Array.from(new Uint8Array(sigBytes))
.map(b => b.toString(16).padStart(2, '0'))
.join('');
return expected === signature;
}
export const GITEA_ADMIN_USER_EXPORT = GITEA_ADMIN_USER;