Mark Henderson
4ba9407534
Kicks off Path B (AI_PATH_B_EXECUTION_PLAN.md): each Vibn project gets
its own vibn-dev Coolify service that the AI drives directly via shell
and filesystem tools. Sub-second iteration vs the 5-min Gitea redeploy
loop.
What's in this commit (week 1, slice 1):
- vibn-dev Dockerfile: small Ubuntu base (~500 MB target). git, ripgrep,
python3, mise. Language toolchains lazy-install on first use.
- lib/dev-container.ts: ensureDevContainer / suspend / resume /
execInDevContainer. Backed by a new fs_project_dev_containers table.
- lib/feature-flags.ts + /api/admin/path-b/{disable,enable}: kill switch.
Bearer NEXTAUTH_SECRET flips path_b_disabled, propagates in ~10s.
- New MCP tools wired into /api/mcp: devcontainer.{ensure,status,suspend},
shell.exec, fs.{read,write,edit,list,delete,glob,grep}. All enforce
workspace isolation via fs_projects ownership check.
- vibn-tools.ts: 11 new Gemini tool defs (smoke test passes, 63 total).
- chat system prompt: shell-first guidance; gitea_file_* marked
deprecated for iterative work (still available, removed week 3).
Safety nets baked in:
- pathBGuard() returns 503 from every Path B tool when the kill switch
flips
- fs.* paths locked to /workspace
- ensureResourceInWorkspaceProjects via fs_project_dev_containers PK
- per-project resource limits (1 vCPU, 1 GiB RAM) on the compose spec
Still pending (queued):
- dev_server.* (preview URLs through Traefik)
- ship tool (push to Gitea + trigger prod deploy)
- auto-push autosave to vibn-autosave/main every 5 min
- idle-suspend cron after 30 min inactivity
- HMR-through-Traefik spike
- eval harness
Made-with: Cursor
39 lines
1.5 KiB
TypeScript
39 lines
1.5 KiB
TypeScript
/**
|
|
* Path B kill switch.
|
|
*
|
|
* GET /api/admin/path-b → returns { disabled: boolean }
|
|
* POST /api/admin/path-b/disable → sets disabled=true (handled below)
|
|
* POST /api/admin/path-b/enable → sets disabled=false
|
|
*
|
|
* Auth: Bearer NEXTAUTH_SECRET (ops bootstrap), same pattern as the
|
|
* /api/admin/backfill-isolation endpoint. We deliberately do NOT accept
|
|
* workspace API keys here — flipping a global feature flag is a
|
|
* platform-level action.
|
|
*
|
|
* When `path_b_disabled = true`:
|
|
* - shell.exec, fs.*, devcontainer.* return 503 from /api/mcp
|
|
* - the chat system prompt falls back to Path A (Gitea-write) guidance
|
|
* - existing dev containers keep running until they idle-suspend
|
|
* (no force-kill — graceful drain)
|
|
*
|
|
* Reverting is a single POST. Cache TTL is 10s, so the flip propagates
|
|
* to every Vibn pod within ~10s of the SQL update.
|
|
*/
|
|
|
|
import { NextResponse } from 'next/server';
|
|
import { getFlag, setFlag } from '@/lib/feature-flags';
|
|
|
|
function authorized(request: Request): boolean {
|
|
const auth = request.headers.get('authorization') ?? '';
|
|
const bearer = auth.toLowerCase().startsWith('bearer ') ? auth.slice(7).trim() : '';
|
|
return Boolean(bearer && process.env.NEXTAUTH_SECRET && bearer === process.env.NEXTAUTH_SECRET);
|
|
}
|
|
|
|
export async function GET(request: Request) {
|
|
if (!authorized(request)) {
|
|
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
|
|
}
|
|
const disabled = await getFlag<boolean>('path_b_disabled', false);
|
|
return NextResponse.json({ disabled });
|
|
}
|