entrypoint.sh: removed --accept-data-loss from prisma db push.
That flag was silently dropping fs_users, fs_projects etc. on every
container restart, wiping all user/project data. Made the push
non-fatal so a schema mismatch doesn't block startup.
create/route.ts: fixed same broken ON CONFLICT expression as
authOptions.ts — replaced with explicit SELECT + INSERT/UPDATE
to reliably upsert fs_users before inserting the project.
Made-with: Cursor
agent-chat/route.ts:
- Loads conversation history from chat_conversations before each turn
- Passes history + knowledge context to agent runner
- Saves returned history back to chat_conversations after each turn
- Saves AI-generated memory updates to fs_knowledge_items
knowledge/route.ts (new):
- GET /api/projects/[id]/knowledge — list all knowledge items
- POST /api/projects/[id]/knowledge — add/update item by key
- DELETE /api/projects/[id]/knowledge?id=xxx — remove item
OrchestratorChat.tsx:
- Added "Saved to memory" label for save_memory tool calls
Made-with: Cursor
ON CONFLICT expression matching was silently failing due to a mismatch
between the query expression and the index definition (::text cast).
Replaced with an explicit SELECT-then-INSERT-or-UPDATE pattern.
Made-with: Cursor
- Tool call names now show human-readable labels ("Dispatched agent"
instead of "spawn_agent"), deduped if called multiple times
- Model label only shown when a real value is returned; "unknown"
and null are suppressed; model names shortened (GLM-5, Gemini)
Made-with: Cursor
Was importing from @/lib/auth (which doesn't exist); correct path
is @/lib/auth/authOptions — this caused the Turbopack build to fail.
Made-with: Cursor
Without this, Theia's startup script could not configure Gemini AI
features or write the correct settings.json (dark theme, API key).
New workspaces now receive GOOGLE_API_KEY from the vibn-frontend env.
Co-authored-by: Cursor <cursoragent@cursor.com>
Adds .prompts/project-info.prompttemplate to the Turborepo scaffold so
every new user project gets a customized context file loaded by the Code
OS agent — including build commands, workspace structure, and shared
package import paths with the project's actual slug injected.
Co-authored-by: Cursor <cursoragent@cursor.com>
GCE metadata tokens lack the cloud-platform OAuth scope, causing 403
PERMISSION_DENIED when creating Cloud Run services. Use an explicit JWT
from GOOGLE_SERVICE_ACCOUNT_KEY env var when present, with ADC as fallback.
Co-authored-by: Cursor <cursoragent@cursor.com>
- POST /api/projects/[id]/workspace: provisions a Cloud Run Theia service
on demand and saves the URL to the project record
- overview/page.tsx: shows 'Provision IDE' button when theiaWorkspaceUrl
is null, 'Open IDE' link once provisioned
- Also fixes log spam: retired Firebase session tracking endpoint (410 Gone)
Co-authored-by: Cursor <cursoragent@cursor.com>
Returns 410 Gone instead of crashing with adminDb.collection errors.
Was flooding logs with TypeError on every call from the old Cursor extension.
Co-authored-by: Cursor <cursoragent@cursor.com>
- /privacy — BC PIPA/PIPEDA compliant privacy policy
- /terms — Terms of service governed by BC law
- Footer updated with Privacy, Terms, and Contact links
Co-authored-by: Cursor <cursoragent@cursor.com>
- gemini-client.ts: replaces Vertex AI REST + service account auth with
direct generativelanguage.googleapis.com calls using GOOGLE_API_KEY.
Removes all Firebase credential setup code.
- summarize/route.ts: same migration, simplified to a single fetch call.
- No longer depends on gen-lang-client-0980079410 GCP project for AI calls.
Co-authored-by: Cursor <cursoragent@cursor.com>
- lib/cloud-run-workspace.ts: provisions per-project Theia workspaces as
Cloud Run services (theia-{slug}), scales to zero when idle, starts in
~5-15s from cached image
- create/route.ts: imports cloud-run-workspace instead of coolify-workspace
- Image: northamerica-northeast1-docker.pkg.dev/master-ai-484822/vibn-ide/theia:latest
- Includes prewarmWorkspace() for near-zero perceived load time on login
Co-authored-by: Cursor <cursoragent@cursor.com>
- lib/coolify-workspace.ts: creates a Coolify docker-image app at
{slug}.ide.vibnai.com for each project, patches in vibn-auth Traefik
labels, sets env vars, and starts deployment
- create/route.ts: provisions Theia workspace after Gitea repo creation;
stores theiaWorkspaceUrl + theiaAppUuid on the project record
- theia-auth/route.ts: for *.ide.vibnai.com hosts, verifies the
authenticated user is the project owner (slug → fs_projects lookup)
- overview/page.tsx: Open IDE always links (dedicated URL or shared fallback)
- project-creation-modal.tsx: shows dedicated workspace URL in success screen
Co-authored-by: Cursor <cursoragent@cursor.com>
Firebase was not configured so every chat request crashed with
'Firebase Admin credentials not configured'.
- chat-mode-resolver.ts: read project phase from fs_projects (Postgres)
- chat-context.ts: load project data from fs_projects instead of Firestore
- /api/ai/conversation: store/retrieve conversations in chat_conversations
Postgres table (created automatically on first use)
- /api/ai/chat: replace all Firestore reads/writes with Postgres queries
- v_ai_chat/page.tsx: replace Firebase client auth with useSession from
next-auth/react; remove Firestore listeners, use REST API for project data
Co-authored-by: Cursor <cursoragent@cursor.com>
Replace .vibn file instruction with Gitea repo link, provisioning
checklist, and Open IDE / Go to Project buttons. Store gitea repo
info from API response to display in the success state.
Co-authored-by: Cursor <cursoragent@cursor.com>
Two issues:
1. ForwardAuth redirect used x-forwarded-host which Traefik sets to
vibnai.com (the auth service host), not theia.vibnai.com. Now
hardcodes THEIA_URL as the callbackUrl destination.
2. /auth page ignored callbackUrl and always sent users to
/marks-account/projects. Now follows callbackUrl when it points
to theia.vibnai.com, so users land in the IDE after login.
Co-authored-by: Cursor <cursoragent@cursor.com>
Firebase is not configured - auth was undefined causing the error
'Cannot read properties of undefined (reading signOut)'.
Use next-auth/react signOut with callbackUrl to redirect to /auth.
Co-authored-by: Cursor <cursoragent@cursor.com>
Without domain: .vibnai.com the cookie is scoped to vibnai.com only.
Browsers don't send it to theia.vibnai.com, so ForwardAuth sees no
token and redirects to login even when the user is already logged in.
Co-authored-by: Cursor <cursoragent@cursor.com>
db-postgres.ts query() returns T[] directly, not a QueryResult object.
result.rows was undefined, causing the session lookup to always
return null and redirect to login even with a valid session token.
Co-authored-by: Cursor <cursoragent@cursor.com>
Prisma maps sessionToken → session_token and userId → user_id
in the PostgreSQL sessions table. The forwardAuth query was using
the wrong camelCase column names.
Co-authored-by: Cursor <cursoragent@cursor.com>
Coolify writes a .env file into the build context directory which
gets COPY'd into the builder container. Next.js then loads these
env vars (including DATABASE_URL, GITEA_API_TOKEN etc.) during
the build, causing some routes that reference those vars to fail
static analysis and be silently dropped from the build output.
Exclude all .env* files from the Docker build context so the
Next.js build runs with only the vars explicitly passed as build
args or set in the Dockerfile.
Co-authored-by: Cursor <cursoragent@cursor.com>
Avoid importing authOptions/PrismaClient in the forwardAuth endpoint.
Under --network host (Coolify's build flag), routes that import Prisma
at module evaluation time are silently dropped from the build output.
Instead, read the NextAuth session-token cookie directly and verify
it with a raw SQL query against the sessions table - the same pattern
used by other working API routes via @/lib/db-postgres.
Co-authored-by: Cursor <cursoragent@cursor.com>
next-auth/jwt subpath import causes Next.js to silently drop the
route from the standalone build output. Switch to getServerSession
which is used by all other working API routes.
Co-authored-by: Cursor <cursoragent@cursor.com>
NextAuth catches all /api/auth/* routes via [...nextauth] catch-all.
Move the Traefik forwardAuth endpoint to /api/theia-auth to avoid
the conflict. Traefik dynamic config updated to match.
Co-authored-by: Cursor <cursoragent@cursor.com>
POST /api/auth/theia-check validates the NextAuth session cookie
forwarded by Traefik. Returns 200 for authenticated users with
X-Auth-User/Email/Name headers, or 302 redirect to /auth for
unauthenticated requests — preserving the original Theia URL as
callbackUrl so users land back in the IDE after login.
Co-authored-by: Cursor <cursoragent@cursor.com>
