vibn-frontend/app/api/projects/[projectId]/agent/sessions/[sessionId]/route.ts

/**
 * GET  /api/projects/[projectId]/agent/sessions/[sessionId]
 *   Fetch a session's full state — status, output log, changed files.
 *   Frontend polls this (or will switch to WebSocket in Phase 3).
 *
 * POST /api/projects/[projectId]/agent/sessions/[sessionId]/stop
 *   (handled in /stop/route.ts)
 */
import { NextResponse } from "next/server";
import { getServerSession } from "next-auth";
import { authOptions } from "@/lib/auth/authOptions";
import { query } from "@/lib/db-postgres";

export async function GET(
  _req: Request,
  { params }: { params: Promise<{ projectId: string; sessionId: string }> }
) {
  try {
    const { projectId, sessionId } = await params;
    const session = await getServerSession(authOptions);
    if (!session?.user?.email) {
      return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
    }

    const rows = await query<{
      id: string;
      app_name: string;
      app_path: string;
      task: string;
      plan: unknown;
      status: string;
      output: Array<{ ts: string; type: string; text: string }>;
      changed_files: Array<{ path: string; status: string }>;
      error: string | null;
      created_at: string;
      started_at: string | null;
      completed_at: string | null;
    }>(
      `SELECT s.id, s.app_name, s.app_path, s.task, s.plan,
              s.status, s.output, s.changed_files, s.error,
              s.created_at, s.started_at, s.completed_at
       FROM agent_sessions s
       JOIN fs_projects p ON p.id::text = s.project_id::text
       JOIN fs_users u ON u.id = p.user_id
       WHERE s.id = $1::uuid AND s.project_id::text = $2 AND u.data->>'email' = $3
       LIMIT 1`,
      [sessionId, projectId, session.user.email]
    );

    if (rows.length === 0) {
      return NextResponse.json({ error: "Session not found" }, { status: 404 });
    }

    return NextResponse.json({ session: rows[0] });
  } catch (err) {
    console.error("[agent/sessions/[id] GET]", err);
    return NextResponse.json({ error: "Failed to fetch session" }, { status: 500 });
  }
}

export async function PATCH(
  req: Request,
  { params }: { params: Promise<{ projectId: string; sessionId: string }> }
) {
  /**
   * Internal endpoint called by vibn-agent-runner to append output lines
   * and update status. Requires x-agent-runner-secret header.
   */
  const secret = process.env.AGENT_RUNNER_SECRET ?? "";
  const incomingSecret = req.headers.get("x-agent-runner-secret") ?? "";
  if (secret && incomingSecret !== secret) {
    return NextResponse.json({ error: "Forbidden" }, { status: 403 });
  }

  try {
    const { sessionId } = await params;
    const body = await req.json() as {
      status?: string;
      outputLine?: { ts: string; type: string; text: string };
      changedFile?: { path: string; status: string };
      error?: string;
    };

    const updates: string[] = ["updated_at = now()"];
    const values: unknown[] = [];
    let idx = 1;

    if (body.status) {
      updates.push(`status = $${idx++}`);
      values.push(body.status);
      if (["done", "approved", "failed", "stopped"].includes(body.status)) {
        updates.push(`completed_at = now()`);
      }
    }

    if (body.error) {
      updates.push(`error = $${idx++}`);
      values.push(body.error);
    }

    if (body.outputLine) {
      updates.push(`output = output || $${idx++}::jsonb`);
      values.push(JSON.stringify([body.outputLine]));
    }

    if (body.changedFile) {
      updates.push(`changed_files = changed_files || $${idx++}::jsonb`);
      values.push(JSON.stringify([body.changedFile]));
    }

    values.push(sessionId);
    await query(
      `UPDATE agent_sessions SET ${updates.join(", ")} WHERE id = $${idx}::uuid`,
      values
    );

    return NextResponse.json({ ok: true });
  } catch (err) {
    console.error("[agent/sessions/[id] PATCH]", err);
    return NextResponse.json({ error: "Failed to update session" }, { status: 500 });
  }
}