- lib/cloud-run-workspace.ts: provisions per-project Theia workspaces as
Cloud Run services (theia-{slug}), scales to zero when idle, starts in
~5-15s from cached image
- create/route.ts: imports cloud-run-workspace instead of coolify-workspace
- Image: northamerica-northeast1-docker.pkg.dev/master-ai-484822/vibn-ide/theia:latest
- Includes prewarmWorkspace() for near-zero perceived load time on login
Co-authored-by: Cursor <cursoragent@cursor.com>
- lib/coolify-workspace.ts: creates a Coolify docker-image app at
{slug}.ide.vibnai.com for each project, patches in vibn-auth Traefik
labels, sets env vars, and starts deployment
- create/route.ts: provisions Theia workspace after Gitea repo creation;
stores theiaWorkspaceUrl + theiaAppUuid on the project record
- theia-auth/route.ts: for *.ide.vibnai.com hosts, verifies the
authenticated user is the project owner (slug → fs_projects lookup)
- overview/page.tsx: Open IDE always links (dedicated URL or shared fallback)
- project-creation-modal.tsx: shows dedicated workspace URL in success screen
Co-authored-by: Cursor <cursoragent@cursor.com>
Firebase was not configured so every chat request crashed with
'Firebase Admin credentials not configured'.
- chat-mode-resolver.ts: read project phase from fs_projects (Postgres)
- chat-context.ts: load project data from fs_projects instead of Firestore
- /api/ai/conversation: store/retrieve conversations in chat_conversations
Postgres table (created automatically on first use)
- /api/ai/chat: replace all Firestore reads/writes with Postgres queries
- v_ai_chat/page.tsx: replace Firebase client auth with useSession from
next-auth/react; remove Firestore listeners, use REST API for project data
Co-authored-by: Cursor <cursoragent@cursor.com>
Without domain: .vibnai.com the cookie is scoped to vibnai.com only.
Browsers don't send it to theia.vibnai.com, so ForwardAuth sees no
token and redirects to login even when the user is already logged in.
Co-authored-by: Cursor <cursoragent@cursor.com>
BREAKING CHANGE: Replace SuperTokens with NextAuth.js
Why:
- SuperTokens had persistent Traefik routing issues
- SSL certificate not issuing correctly
- Complex infrastructure (separate container)
- NextAuth runs in Next.js app (simpler, no separate service)
Changes:
- Install next-auth, @auth/prisma-adapter, prisma
- Create NextAuth API route: app/api/auth/[...nextauth]/route.ts
- Add Prisma schema for NextAuth tables (users, sessions, accounts)
- Update auth page to use NextAuth signIn()
- Remove all SuperTokens code and dependencies
- Keep same Google OAuth (just simpler integration)
Benefits:
- No separate auth service needed
- No Traefik routing issues
- Sessions stored in Montreal PostgreSQL
- Simpler configuration
- Battle-tested, widely used
All authentication data stays in Montreal!
Co-authored-by: Cursor <cursoragent@cursor.com>
