feat(ai-access): per-workspace Gitea bot + tenant-safe Coolify proxy + MCP

Ship Phases 1–3 of the multi-tenant AI access plan so an AI agent can act on a Vibn workspace with one bearer token and zero admin reach. Phase 1 — Gitea bot per workspace - Add gitea_bot_username / gitea_bot_user_id / gitea_bot_token_encrypted columns to vibn_workspaces (migrate route). - New lib/auth/secret-box.ts (AES-256-GCM, VIBN_SECRETS_KEY) for PAT at rest. - Extend lib/gitea.ts with createUser, createAccessTokenFor (Sudo PAT), createOrgTeam, addOrgTeamMember, ensureOrgTeamMembership. - ensureWorkspaceProvisioned now mints a vibn-bot-<slug> user, adds it to a Writers team (write perms only) on the workspace's org, and stores its PAT encrypted. - GET /api/workspaces/[slug]/gitea-credentials returns a workspace-scoped bot PAT + clone URL template; session or vibn_sk_ bearer auth. Phase 2 — Tenant-safe Coolify proxy + real MCP - lib/coolify.ts: projectUuidOf, listApplicationsInProject, getApplicationInProject, TenantError, env CRUD, deployments list. - Workspace-scoped REST endpoints (all filtered by coolify_project_uuid): GET/POST /api/workspaces/[slug]/apps/[uuid](/deploy|/envs|/deployments), GET /api/workspaces/[slug]/deployments/[deploymentUuid]/logs. - Full rewrite of /api/mcp off legacy Firebase onto Postgres vibn_sk_ keys, exposing workspace.describe, gitea.credentials, projects.*, apps.* (list/get/deploy/deployments, envs.list/upsert/delete). Phase 3 — Settings UI AI bundle - GET /api/workspaces/[slug]/bootstrap.sh: curl|sh installer that writes .cursor/rules, .cursor/mcp.json and appends VIBN_* to .env.local. Embeds the caller's vibn_sk_ token when invoked with bearer auth. - WorkspaceKeysPanel: single AiAccessBundleCard with system-prompt block, one-line bootstrap, Reveal-bot-PAT button, collapsible manual-setup fallback. Minted-key modal also shows the bootstrap one-liner. Ops prerequisites: - Set VIBN_SECRETS_KEY (>=16 chars) on the frontend. - Run /api/admin/migrate to add the three bot columns. - GITEA_API_TOKEN must be a site-admin token (needed for admin/users + Sudo PAT mint); otherwise provision_status lands on 'partial'. Made-with: Cursor
2026-04-21 10:49:17 -07:00
parent 6ccfdee65f
commit b9511601bc
29 changed files with 1716 additions and 330 deletions
--- a/app/api/admin/migrate/route.ts
+++ b/app/api/admin/migrate/route.ts
@@ -187,6 +187,17 @@ export async function POST(req: NextRequest) {
    // this new UUID FK is the canonical link.
    `ALTER TABLE fs_projects ADD COLUMN IF NOT EXISTS vibn_workspace_id UUID REFERENCES vibn_workspaces(id) ON DELETE SET NULL`,
    `CREATE INDEX IF NOT EXISTS fs_projects_vibn_workspace_idx ON fs_projects (vibn_workspace_id)`,
+
+    // ── Per-workspace Gitea bot user (for direct AI access) ──────────
+    // Each workspace gets its own Gitea user with a PAT scoped to the
+    // workspace's org, so AI agents can `git clone` / push directly
+    // without ever touching the root admin token.
+    //
+    // Token is encrypted at rest with AES-256-GCM using VIBN_SECRETS_KEY.
+    // Layout: iv(12) || ciphertext || authTag(16), base64-encoded.
+    `ALTER TABLE vibn_workspaces ADD COLUMN IF NOT EXISTS gitea_bot_username TEXT`,
+    `ALTER TABLE vibn_workspaces ADD COLUMN IF NOT EXISTS gitea_bot_user_id INT`,
+    `ALTER TABLE vibn_workspaces ADD COLUMN IF NOT EXISTS gitea_bot_token_encrypted TEXT`,
  ];

  for (const stmt of statements) {