vibn-frontend

mark/vibn-frontend

Fork 0

Commit Graph

Author	SHA1	Message	Date
Mark Henderson	651ddf1e11	Rip out Theia, ship P5.1 attach E2E + Justine UI work-in-progress Theia rip-out: - Delete app/api/theia-auth/route.ts (Traefik ForwardAuth shim) - Delete app/api/projects/[projectId]/workspace/route.ts and app/api/projects/prewarm/route.ts (Cloud Run Theia provisioning) - Delete lib/cloud-run-workspace.ts and lib/coolify-workspace.ts - Strip provisionTheiaWorkspace + theiaWorkspaceUrl/theiaAppUuid/ theiaError from app/api/projects/create/route.ts response - Remove Theia callbackUrl branch in app/auth/page.tsx - Drop "Open in Theia" button + xterm/Theia PTY copy in build/page.tsx - Drop theiaWorkspaceUrl from deployment/page.tsx Project type - Strip Theia IDE line + theia-code-os from advisor + agent-chat context strings - Scrub Theia mention from lib/auth/workspace-auth.ts comment P5.1 (custom apex domains + DNS): - lib/coolify.ts + lib/opensrs.ts: nameserver normalization, OpenSRS XML auth, Cloud DNS plumbing - scripts/smoke-attach-e2e.ts: full prod GCP + sandbox OpenSRS + prod Coolify smoke covering register/zone/A/NS/PATCH/cleanup In-progress (Justine onboarding/build, MVP setup, agent telemetry): - New (justine)/stories, project (home) layouts, mvp-setup, run, tasks routes + supporting components - Project shell + sidebar + nav refactor for the Stackless palette - Agent session API hardening (sessions, events, stream, approve, retry, stop) + atlas-chat, advisor, design-surfaces refresh - New scripts/sync-db-url-from-coolify.mjs + scripts/prisma-db-push.mjs + docker-compose.local-db.yml for local Prisma workflows - lib/dev-bypass.ts, lib/chat-context-refs.ts, lib/prd-sections.ts - Misc: stories CSS, debug/prisma route, modal-theme, BuildLivePlanPanel Made-with: Cursor	2026-04-22 18:05:01 -07:00
Mark Henderson	b9511601bc	feat(ai-access): per-workspace Gitea bot + tenant-safe Coolify proxy + MCP Ship Phases 1–3 of the multi-tenant AI access plan so an AI agent can act on a Vibn workspace with one bearer token and zero admin reach. Phase 1 — Gitea bot per workspace - Add gitea_bot_username / gitea_bot_user_id / gitea_bot_token_encrypted columns to vibn_workspaces (migrate route). - New lib/auth/secret-box.ts (AES-256-GCM, VIBN_SECRETS_KEY) for PAT at rest. - Extend lib/gitea.ts with createUser, createAccessTokenFor (Sudo PAT), createOrgTeam, addOrgTeamMember, ensureOrgTeamMembership. - ensureWorkspaceProvisioned now mints a vibn-bot-<slug> user, adds it to a Writers team (write perms only) on the workspace's org, and stores its PAT encrypted. - GET /api/workspaces/[slug]/gitea-credentials returns a workspace-scoped bot PAT + clone URL template; session or vibn_sk_ bearer auth. Phase 2 — Tenant-safe Coolify proxy + real MCP - lib/coolify.ts: projectUuidOf, listApplicationsInProject, getApplicationInProject, TenantError, env CRUD, deployments list. - Workspace-scoped REST endpoints (all filtered by coolify_project_uuid): GET/POST /api/workspaces/[slug]/apps/[uuid](/deploy\|/envs\|/deployments), GET /api/workspaces/[slug]/deployments/[deploymentUuid]/logs. - Full rewrite of /api/mcp off legacy Firebase onto Postgres vibn_sk_ keys, exposing workspace.describe, gitea.credentials, projects., apps. (list/get/deploy/deployments, envs.list/upsert/delete). Phase 3 — Settings UI AI bundle - GET /api/workspaces/[slug]/bootstrap.sh: curl\|sh installer that writes .cursor/rules, .cursor/mcp.json and appends VIBN_* to .env.local. Embeds the caller's vibn_sk_ token when invoked with bearer auth. - WorkspaceKeysPanel: single AiAccessBundleCard with system-prompt block, one-line bootstrap, Reveal-bot-PAT button, collapsible manual-setup fallback. Minted-key modal also shows the bootstrap one-liner. Ops prerequisites: - Set VIBN_SECRETS_KEY (>=16 chars) on the frontend. - Run /api/admin/migrate to add the three bot columns. - GITEA_API_TOKEN must be a site-admin token (needed for admin/users + Sudo PAT mint); otherwise provision_status lands on 'partial'. Made-with: Cursor	2026-04-21 10:49:17 -07:00

Author

SHA1

Message

Date

Mark Henderson

651ddf1e11

Rip out Theia, ship P5.1 attach E2E + Justine UI work-in-progress

Theia rip-out:
- Delete app/api/theia-auth/route.ts (Traefik ForwardAuth shim)
- Delete app/api/projects/[projectId]/workspace/route.ts and
  app/api/projects/prewarm/route.ts (Cloud Run Theia provisioning)
- Delete lib/cloud-run-workspace.ts and lib/coolify-workspace.ts
- Strip provisionTheiaWorkspace + theiaWorkspaceUrl/theiaAppUuid/
  theiaError from app/api/projects/create/route.ts response
- Remove Theia callbackUrl branch in app/auth/page.tsx
- Drop "Open in Theia" button + xterm/Theia PTY copy in build/page.tsx
- Drop theiaWorkspaceUrl from deployment/page.tsx Project type
- Strip Theia IDE line + theia-code-os from advisor + agent-chat
  context strings
- Scrub Theia mention from lib/auth/workspace-auth.ts comment

P5.1 (custom apex domains + DNS):
- lib/coolify.ts + lib/opensrs.ts: nameserver normalization, OpenSRS
  XML auth, Cloud DNS plumbing
- scripts/smoke-attach-e2e.ts: full prod GCP + sandbox OpenSRS +
  prod Coolify smoke covering register/zone/A/NS/PATCH/cleanup

In-progress (Justine onboarding/build, MVP setup, agent telemetry):
- New (justine)/stories, project (home) layouts, mvp-setup, run, tasks
  routes + supporting components
- Project shell + sidebar + nav refactor for the Stackless palette
- Agent session API hardening (sessions, events, stream, approve,
  retry, stop) + atlas-chat, advisor, design-surfaces refresh
- New scripts/sync-db-url-from-coolify.mjs +
  scripts/prisma-db-push.mjs + docker-compose.local-db.yml for
  local Prisma workflows
- lib/dev-bypass.ts, lib/chat-context-refs.ts, lib/prd-sections.ts
- Misc: stories CSS, debug/prisma route, modal-theme, BuildLivePlanPanel

Made-with: Cursor

2026-04-22 18:05:01 -07:00

Mark Henderson

b9511601bc

feat(ai-access): per-workspace Gitea bot + tenant-safe Coolify proxy + MCP

Ship Phases 1–3 of the multi-tenant AI access plan so an AI agent can
act on a Vibn workspace with one bearer token and zero admin reach.

Phase 1 — Gitea bot per workspace
- Add gitea_bot_username / gitea_bot_user_id / gitea_bot_token_encrypted
  columns to vibn_workspaces (migrate route).
- New lib/auth/secret-box.ts (AES-256-GCM, VIBN_SECRETS_KEY) for PAT at rest.
- Extend lib/gitea.ts with createUser, createAccessTokenFor (Sudo PAT),
  createOrgTeam, addOrgTeamMember, ensureOrgTeamMembership.
- ensureWorkspaceProvisioned now mints a vibn-bot-<slug> user, adds it to
  a Writers team (write perms only) on the workspace's org, and stores
  its PAT encrypted.
- GET /api/workspaces/[slug]/gitea-credentials returns a workspace-scoped
  bot PAT + clone URL template; session or vibn_sk_ bearer auth.

Phase 2 — Tenant-safe Coolify proxy + real MCP
- lib/coolify.ts: projectUuidOf, listApplicationsInProject,
  getApplicationInProject, TenantError, env CRUD, deployments list.
- Workspace-scoped REST endpoints (all filtered by coolify_project_uuid):
  GET/POST /api/workspaces/[slug]/apps/[uuid](/deploy|/envs|/deployments),
  GET /api/workspaces/[slug]/deployments/[deploymentUuid]/logs.
- Full rewrite of /api/mcp off legacy Firebase onto Postgres vibn_sk_
  keys, exposing workspace.describe, gitea.credentials, projects.*,
  apps.* (list/get/deploy/deployments, envs.list/upsert/delete).

Phase 3 — Settings UI AI bundle
- GET /api/workspaces/[slug]/bootstrap.sh: curl|sh installer that writes
  .cursor/rules, .cursor/mcp.json and appends VIBN_* to .env.local.
  Embeds the caller's vibn_sk_ token when invoked with bearer auth.
- WorkspaceKeysPanel: single AiAccessBundleCard with system-prompt block,
  one-line bootstrap, Reveal-bot-PAT button, collapsible manual-setup
  fallback. Minted-key modal also shows the bootstrap one-liner.

Ops prerequisites:
  - Set VIBN_SECRETS_KEY (>=16 chars) on the frontend.
  - Run /api/admin/migrate to add the three bot columns.
  - GITEA_API_TOKEN must be a site-admin token (needed for admin/users
    + Sudo PAT mint); otherwise provision_status lands on 'partial'.

Made-with: Cursor

2026-04-21 10:49:17 -07:00

2 Commits