npm - @promptbook/cli - Versions diffs - 0.103.0-48 → 0.103.0-49 - Mend

@promptbook/cli 0.103.0-48 → 0.103.0-49

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (110) hide show

package/apps/agents-server/src/middleware.ts ADDED Viewed

@@ -0,0 +1,162 @@
+import { TODO_any } from '@promptbook-local/types';
+import { createClient } from '@supabase/supabase-js';
+import { NextRequest, NextResponse } from 'next/server';
+import { SERVERS, SUPABASE_TABLE_PREFIX } from '../config';
+import { isIpAllowed } from './utils/isIpAllowed';
+// Note: Re-implementing normalizeTo_PascalCase to avoid importing from @promptbook-local/utils which might have Node.js dependencies
+function normalizeTo_PascalCase(text: string): string {
+    return text
+        .replace(/(?:^\w|[A-Z]|\b\w)/g, (word, index) => {
+            return word.toUpperCase();
+        })
+        .replace(/\s+/g, '');
+}
+export async function middleware(req: NextRequest) {
+    // 1. Get client IP
+    let ip = (req as TODO_any).ip;
+    const xForwardedFor = req.headers.get('x-forwarded-for');
+    if (!ip && xForwardedFor) {
+        ip = xForwardedFor.split(',')[0].trim();
+    }
+    // Fallback for local development if needed, though req.ip is usually ::1 or 127.0.0.1
+    ip = ip || '127.0.0.1';
+    // 2. Determine allowed IPs
+    // Priority: Metadata > Environment Variable
+    const allowedIpsEnv = process.env.RESTRICT_IP;
+    let allowedIpsMetadata: string | null = null;
+    // To fetch metadata, we need to know the table name, which depends on the host
+    const host = req.headers.get('host');
+    if (host) {
+        let tablePrefix = SUPABASE_TABLE_PREFIX;
+        if (SERVERS && SERVERS.length > 0) {
+            // Logic mirrored from src/tools/$provideServer.ts
+            if (SERVERS.some((server) => server === host)) {
+                let serverName = host;
+                serverName = serverName.replace(/\.ptbk\.io$/, '');
+                serverName = normalizeTo_PascalCase(serverName);
+                tablePrefix = `server_${serverName}_`;
+            }
+        }
+        const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL;
+        const supabaseKey = process.env.SUPABASE_SERVICE_ROLE_KEY || process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY;
+        if (supabaseUrl && supabaseKey) {
+            try {
+                const supabase = createClient(supabaseUrl, supabaseKey, {
+                    auth: {
+                        persistSession: false,
+                        autoRefreshToken: false,
+                    },
+                });
+                const { data } = await supabase
+                    .from(`${tablePrefix}Metadata`)
+                    .select('value')
+                    .eq('key', 'RESTRICT_IP')
+                    .single();
+                if (data && data.value) {
+                    allowedIpsMetadata = data.value;
+                }
+            } catch (error) {
+                console.error('Error fetching metadata in middleware:', error);
+            }
+        }
+    }
+    const allowedIps = allowedIpsMetadata !== null && allowedIpsMetadata !== undefined ? allowedIpsMetadata : allowedIpsEnv;
+    if (isIpAllowed(ip, allowedIps)) {
+        // 3. Custom Domain Routing
+        //    If the host is not one of the configured SERVERS, try to find an agent with a matching META LINK
+        if (host && SERVERS && !SERVERS.some((server) => server === host)) {
+            const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL;
+            const supabaseKey = process.env.SUPABASE_SERVICE_ROLE_KEY || process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY;
+            if (supabaseUrl && supabaseKey) {
+                const supabase = createClient(supabaseUrl, supabaseKey, {
+                    auth: {
+                        persistSession: false,
+                        autoRefreshToken: false,
+                    },
+                });
+                // Determine prefixes to check
+                // We check all configured servers because the custom domain could point to any of them
+                // (or if they share the database, we need to check the relevant tables)
+                const serversToCheck = SERVERS;
+                // TODO: [🧠] If there are many servers, this loop might be slow. Optimize if needed.
+                for (const serverHost of serversToCheck) {
+                    let serverName = serverHost;
+                    serverName = serverName.replace(/\.ptbk\.io$/, '');
+                    serverName = normalizeTo_PascalCase(serverName);
+                    const prefix = `server_${serverName}_`;
+                    // Search for agent with matching META LINK
+                    // agentProfile->links is an array of strings
+                    // We check if it contains the host, or https://host, or http://host
+                    const searchLinks = [host, `https://${host}`, `http://${host}`];
+                    // Construct OR filter: agentProfile.cs.{"links":["link1"]},agentProfile.cs.{"links":["link2"]},...
+                    const orFilter = searchLinks.map(link => `agentProfile.cs.{"links":["${link}"]}`).join(',');
+                    try {
+                        const { data } = await supabase
+                            .from(`${prefix}Agent`)
+                            .select('agentName')
+                            .or(orFilter)
+                            .limit(1)
+                            .single();
+                        if (data && data.agentName) {
+                            // Found the agent!
+                            const url = req.nextUrl.clone();
+                            url.pathname = `/${data.agentName}`;
+                            // Pass the server context to the app via header
+                            const requestHeaders = new Headers(req.headers);
+                            requestHeaders.set('x-promptbook-server', serverHost);
+                            return NextResponse.rewrite(url, {
+                                request: {
+                                    headers: requestHeaders,
+                                },
+                            });
+                        }
+                    } catch (error) {
+                         // Ignore error (e.g. table not found, or agent not found) and continue to next server
+                         // console.error(`Error checking server ${serverHost} for custom domain ${host}:`, error);
+                    }
+                }
+            }
+        }
+        return NextResponse.next();
+    }
+    return new NextResponse('Forbidden', { status: 403 });
+}
+export const config = {
+    matcher: [
+        /*
+         * Match all request paths except for the ones starting with:
+         * - _next/static (static files)
+         * - _next/image (image optimization files)
+         * - favicon.ico (favicon file)
+         * - public folder
+         */
+        '/((?!_next/static|_next/image|favicon.ico|logo-|fonts/).*)',
+    ],
+};

package/apps/agents-server/src/tools/$provideAgentCollectionForServer.ts CHANGED Viewed

@@ -2,7 +2,9 @@
 import { AgentCollectionInSupabase } from '@promptbook-local/core';
 import { AgentCollection } from '@promptbook-local/types';
+import { just } from '../../../../src/utils/organization/just';
 import { $provideSupabaseForServer } from '../database/$provideSupabaseForServer';
+import { $provideServer } from './$provideServer';
 /**
  * Cache of provided agent collection
@@ -12,22 +14,22 @@ import { $provideSupabaseForServer } from '../database/$provideSupabaseForServer
 let agentCollection: null | AgentCollection = null;
 /**
- * !!!!
+ * [🐱‍🚀]
  */
 export async function $provideAgentCollectionForServer(): Promise<AgentCollection> {
     // <- Note: This function is potentially async
-    // TODO: !!!! [🌕] DRY
+    // TODO: [🐱‍🚀] [🌕] DRY
-    const isVerbose = true; // <- TODO: !!!! Pass
+    const isVerbose = true; // <- TODO: [🐱‍🚀] Pass
-    if (agentCollection !== null) {
-        console.log('!!! Returning cached agent collection');
+    if (agentCollection !== null && just(false /* <- TODO: [🐱‍🚀] Fix caching */)) {
+        console.log('[🐱‍🚀] Returning cached agent collection');
         return agentCollection;
-        // TODO: !!!! Be aware of options changes
+        // TODO: [🐱‍🚀] Be aware of options changes
     }
-    console.log('!!! Creating NEW agent collection');
+    console.log('[🐱‍🚀] Creating NEW agent collection');
     /*
     // TODO: [🧟‍♂️][◽] DRY:
@@ -41,9 +43,11 @@ export async function $provideAgentCollectionForServer(): Promise<AgentCollectio
     */
     const supabase = $provideSupabaseForServer();
+    const { tablePrefix } = await $provideServer();
     agentCollection = new AgentCollectionInSupabase(supabase, {
         isVerbose,
+        tablePrefix,
     });
     return agentCollection;

package/apps/agents-server/src/tools/$provideCdnForServer.ts CHANGED Viewed

@@ -9,7 +9,7 @@ import { IIFilesStorageWithCdn } from '../utils/cdn/interfaces/IFilesStorage';
 let cdn: IIFilesStorageWithCdn | null = null;
 /**
- * !!!
+ * [🐱‍🚀]
  */
 export function $provideCdnForServer(): IIFilesStorageWithCdn {
     if (!cdn) {

package/apps/agents-server/src/tools/$provideExecutionToolsForServer.ts CHANGED Viewed

@@ -43,11 +43,11 @@ $sideEffect(
     _MarkitdownScraperMetadataRegistration,
     _PdfScraperMetadataRegistration,
     _WebsiteScraperMetadataRegistration,
-    // <- TODO: !!! Export all registrations from one variabile in `@promptbook/core`
+    // <- TODO: [🐱‍🚀] Export all registrations from one variabile in `@promptbook/core`
 );
 $sideEffect(/* [㊗] */ _OpenAiRegistration);
 $sideEffect(/* [㊗] */ _GoogleRegistration);
-// <- TODO: !!!! Allow to dynamically install required metadata
+// <- TODO: [🐱‍🚀] Allow to dynamically install required metadata
 /**
  * Cache of provided execution tools
@@ -56,8 +56,6 @@ $sideEffect(/* [㊗] */ _GoogleRegistration);
  */
 let executionTools: null | ExecutionTools = null;
 /*
 TODO: [▶️]
 type ProvideExecutionToolsForServerOptions = {
@@ -66,25 +64,25 @@ type ProvideExecutionToolsForServerOptions = {
 */
 /**
- * !!!!
+ * [🐱‍🚀]
  */
 export async function $provideExecutionToolsForServer(): Promise<ExecutionTools> {
-    // TODO: !!!! [🌕] DRY
+    // TODO: [🐱‍🚀] [🌕] DRY
-    // const path = '../../agents'; // <- TODO: !!!! Pass
-    const isVerbose = true; // <- TODO: !!!! Pass
-    const isCacheReloaded = false; // <- TODO: !!!! Pass
+    // const path = '../../agents'; // <- TODO: [🐱‍🚀] Pass
+    const isVerbose = true; // <- TODO: [🐱‍🚀] Pass
+    const isCacheReloaded = false; // <- TODO: [🐱‍🚀] Pass
     const cliOptions = {
         provider: 'BRING_YOUR_OWN_KEYS',
-    } as TODO_any; // <- TODO: !!!! Pass
+    } as TODO_any; // <- TODO: [🐱‍🚀] Pass
     if (executionTools !== null) {
-        console.log('!!! Returning cached execution tools');
+        console.log('[🐱‍🚀] Returning cached execution tools');
         return executionTools;
-        // TODO: !!!! Be aware of options changes
+        // TODO: [🐱‍🚀] Be aware of options changes
     }
-    console.log('!!! Creating NEW execution tools');
+    console.log('[🐱‍🚀] Creating NEW execution tools');
     // TODO: DRY [◽]
     const prepareAndScrapeOptions = {

package/apps/agents-server/src/tools/$provideOpenAiAssistantExecutionToolsForServer.ts CHANGED Viewed

@@ -10,23 +10,23 @@ import { OpenAiAssistantExecutionTools } from '@promptbook-local/openai';
 let executionTools: null | OpenAiAssistantExecutionTools = null;
 /**
- * !!!!
+ * [🐱‍🚀]
  */
 export async function $provideOpenAiAssistantExecutionToolsForServer(): Promise<OpenAiAssistantExecutionTools> {
-    // TODO: !!!! [🌕] DRY
-    const isVerbose = true; // <- TODO: !!!! Pass
+    // TODO: [🐱‍🚀] [🌕] DRY
+    const isVerbose = true; // <- TODO: [🐱‍🚀] Pass
     if (executionTools !== null) {
-        console.log('!!! Returning cached OpenAiAssistantExecutionTools');
+        console.log('[🐱‍🚀] Returning cached OpenAiAssistantExecutionTools');
         return executionTools;
-        // TODO: !!!! Be aware of options changes
+        // TODO: [🐱‍🚀] Be aware of options changes
     }
-    console.log('!!! Creating NEW OpenAiAssistantExecutionTools');
+    console.log('[🐱‍🚀] Creating NEW OpenAiAssistantExecutionTools');
     executionTools = new OpenAiAssistantExecutionTools({
         apiKey: process.env.OPENAI_API_KEY,
-        assistantId: 'abstract_assistant', // <- TODO: !!!! In `OpenAiAssistantExecutionTools` Allow to create abstract assistants with `isCreatingNewAssistantsAllowed`
+        assistantId: 'abstract_assistant', // <- TODO: [🐱‍🚀] In `OpenAiAssistantExecutionTools` Allow to create abstract assistants with `isCreatingNewAssistantsAllowed`
         isCreatingNewAssistantsAllowed: true,
         isVerbose,
     });

package/apps/agents-server/src/tools/$provideServer.ts ADDED Viewed

@@ -0,0 +1,39 @@
+import { NEXT_PUBLIC_URL, SERVERS, SUPABASE_TABLE_PREFIX } from '@/config';
+import { normalizeTo_PascalCase } from '@promptbook-local/utils';
+import { headers } from 'next/headers';
+export async function $provideServer() {
+    if (!SERVERS) {
+        return {
+            publicUrl: NEXT_PUBLIC_URL || new URL(`https://${(await headers()).get('host') || 'localhost:4440'}`),
+            tablePrefix: SUPABASE_TABLE_PREFIX,
+        };
+    }
+    const headersList = await headers();
+    let host = headersList.get('host');
+    const xPromptbookServer = headersList.get('x-promptbook-server');
+    if (host === null) {
+        throw new Error('Host header is missing');
+    }
+    // If host is not in known servers, check if we have a context header from middleware
+    if (!SERVERS.some((server) => server === host)) {
+        if (xPromptbookServer && SERVERS.some((server) => server === xPromptbookServer)) {
+            host = xPromptbookServer;
+        } else {
+            throw new Error(`Server with host "${host}" is not configured in SERVERS`);
+        }
+    }
+    let serverName = host;
+    serverName = serverName.replace(/\.ptbk\.io$/, '');
+    serverName = normalizeTo_PascalCase(serverName);
+    return {
+        publicUrl: new URL(`https://${host}`),
+        tablePrefix: `server_${serverName}_`,
+    };
+}

package/apps/agents-server/src/utils/auth.ts ADDED Viewed

@@ -0,0 +1,33 @@
+import { randomBytes, scrypt, timingSafeEqual } from 'crypto';
+import { promisify } from 'util';
+const scryptAsync = promisify(scrypt);
+/**
+ * Hashes a password using scrypt
+ *
+ * @param password The plain text password
+ * @returns The salt and hash formatted as "salt:hash"
+ */
+export async function hashPassword(password: string): Promise<string> {
+    const salt = randomBytes(16).toString('hex');
+    const derivedKey = (await scryptAsync(password, salt, 64)) as Buffer;
+    return `${salt}:${derivedKey.toString('hex')}`;
+}
+/**
+ * Verifies a password against a stored hash
+ *
+ * @param password The plain text password
+ * @param storedHash The stored hash in format "salt:hash"
+ * @returns True if the password matches
+ */
+export async function verifyPassword(password: string, storedHash: string): Promise<boolean> {
+    const [salt, key] = storedHash.split(':');
+    if (!salt || !key) return false;
+    const derivedKey = (await scryptAsync(password, salt, 64)) as Buffer;
+    const keyBuffer = Buffer.from(key, 'hex');
+    return timingSafeEqual(derivedKey, keyBuffer);
+}

package/apps/agents-server/src/utils/cdn/utils/nameToSubfolderPath.ts CHANGED Viewed

@@ -5,5 +5,5 @@ export function nameToSubfolderPath(name: string_name): Array<string> {
 }
 /**
- * TODO: !!! Use `nameToSubfolderPath` from src
+ * TODO: [🐱‍🚀] Use `nameToSubfolderPath` from src
  */

package/apps/agents-server/src/utils/getCurrentUser.ts ADDED Viewed

@@ -0,0 +1,32 @@
+import { cookies } from 'next/headers';
+import { getSession } from './session';
+export type UserInfo = {
+    username: string;
+    isAdmin: boolean;
+};
+export async function getCurrentUser(): Promise<UserInfo | null> {
+    // Check session
+    const session = await getSession();
+    if (session) {
+        return {
+            username: session.username,
+            isAdmin: session.isAdmin
+        };
+    }
+    // Check legacy admin token
+    if (process.env.ADMIN_PASSWORD) {
+        const cookieStore = await cookies();
+        const adminToken = cookieStore.get('adminToken');
+        if (adminToken?.value === process.env.ADMIN_PASSWORD) {
+            return {
+                username: 'admin',
+                isAdmin: true
+            };
+        }
+    }
+    return null;
+}

package/apps/agents-server/src/utils/isIpAllowed.ts ADDED Viewed

@@ -0,0 +1,101 @@
+import { isIPv4, isIPv6 } from 'net';
+/**
+ * Checks if the IP address is allowed based on the allowed IPs list
+ *
+ * @param clientIp - The IP address of the client
+ * @param allowedIps - Comma separated list of allowed IPs or CIDR ranges
+ * @returns true if the IP is allowed, false otherwise
+ */
+export function isIpAllowed(clientIp: string, allowedIps: string | null | undefined): boolean {
+    if (!allowedIps || allowedIps.trim() === '') {
+        return true;
+    }
+    const allowedList = allowedIps.split(',').map((ip) => ip.trim());
+    for (const allowed of allowedList) {
+        if (allowed === '') {
+            continue;
+        }
+        if (allowed.includes('/')) {
+            // CIDR
+            if (isIpInCidr(clientIp, allowed)) {
+                return true;
+            }
+        } else {
+            // Single IP
+            if (clientIp === allowed) {
+                return true;
+            }
+        }
+    }
+    return false;
+}
+function isIpInCidr(ip: string, cidr: string): boolean {
+    try {
+        const [range, bitsStr] = cidr.split('/');
+        const bits = parseInt(bitsStr, 10);
+        if (isIPv4(ip) && isIPv4(range)) {
+            return isIPv4InCidr(ip, range, bits);
+        } else if (isIPv6(ip) && isIPv6(range)) {
+            return isIPv6InCidr(ip, range, bits);
+        } else if (isIPv6(ip) && isIPv4(range)) {
+            // Check if IPv6 is IPv4-mapped
+            if (ip.startsWith('::ffff:')) {
+                return isIPv4InCidr(ip.substring(7), range, bits);
+            }
+        }
+    } catch (error) {
+        console.error(`Error checking CIDR ${cidr} for IP ${ip}:`, error);
+    }
+    return false;
+}
+function ipToLong(ip: string): number {
+    return (
+        ip.split('.').reduce((acc, octet) => {
+            return (acc << 8) + parseInt(octet, 10);
+        }, 0) >>> 0
+    );
+}
+function isIPv4InCidr(ip: string, range: string, bits: number): boolean {
+    const mask = ~((1 << (32 - bits)) - 1);
+    const ipLong = ipToLong(ip);
+    const rangeLong = ipToLong(range);
+    return (ipLong & mask) === (rangeLong & mask);
+}
+function parseIPv6(ip: string): bigint {
+    // Expand ::
+    let fullIp = ip;
+    if (ip.includes('::')) {
+        const parts = ip.split('::');
+        const left = parts[0].split(':').filter(Boolean);
+        const right = parts[1].split(':').filter(Boolean);
+        const missing = 8 - (left.length + right.length);
+        const zeros = Array(missing).fill('0');
+        fullIp = [...left, ...zeros, ...right].join(':');
+    }
+    const parts = fullIp.split(':');
+    let value = BigInt(0);
+    for (const part of parts) {
+        value = (value << BigInt(16)) + BigInt(parseInt(part || '0', 16));
+    }
+    return value;
+}
+function isIPv6InCidr(ip: string, range: string, bits: number): boolean {
+    const ipBigInt = parseIPv6(ip);
+    const rangeBigInt = parseIPv6(range);
+    const mask = (BigInt(1) << BigInt(128)) - BigInt(1) ^ ((BigInt(1) << BigInt(128 - bits)) - BigInt(1));
+    return (ipBigInt & mask) === (rangeBigInt & mask);
+}

package/apps/agents-server/src/utils/isUserAdmin.ts ADDED Viewed

@@ -0,0 +1,31 @@
+import { cookies } from 'next/headers';
+import { getSession } from './session';
+/**
+ * Checks if the current user is an admin
+ *
+ * Note: If `process.env.ADMIN_PASSWORD` is not set, everyone is admin
+ *
+ * @returns true if the user is admin
+ */
+export async function isUserAdmin(): Promise<boolean> {
+    if (!process.env.ADMIN_PASSWORD) {
+        return true;
+    }
+    // Check legacy admin token
+    const cookieStore = await cookies();
+    const adminToken = cookieStore.get('adminToken');
+    if (adminToken?.value === process.env.ADMIN_PASSWORD) {
+        return true;
+    }
+    // Check session
+    const session = await getSession();
+    if (session?.isAdmin) {
+        return true;
+    }
+    return false;
+}

package/apps/agents-server/src/utils/session.ts ADDED Viewed

@@ -0,0 +1,50 @@
+import { createHmac } from 'crypto';
+import { cookies } from 'next/headers';
+const SESSION_COOKIE_NAME = 'sessionToken';
+const SECRET_KEY = process.env.ADMIN_PASSWORD || 'default-secret-key-change-me';
+type SessionUser = {
+    username: string;
+    isAdmin: boolean;
+};
+export async function setSession(user: SessionUser) {
+    const payload = JSON.stringify(user);
+    const signature = createHmac('sha256', SECRET_KEY).update(payload).digest('hex');
+    const token = `${Buffer.from(payload).toString('base64')}.${signature}`;
+    (await cookies()).set(SESSION_COOKIE_NAME, token, {
+        httpOnly: true,
+        secure: process.env.NODE_ENV === 'production',
+        path: '/',
+        maxAge: 60 * 60 * 24 * 7, // 1 week
+    });
+}
+export async function clearSession() {
+    (await cookies()).delete(SESSION_COOKIE_NAME);
+    // Also clear legacy adminToken
+    (await cookies()).delete('adminToken');
+}
+export async function getSession(): Promise<SessionUser | null> {
+    const cookieStore = await cookies();
+    const token = cookieStore.get(SESSION_COOKIE_NAME)?.value;
+    if (!token) return null;
+    const [payloadBase64, signature] = token.split('.');
+    if (!payloadBase64 || !signature) return null;
+    const payload = Buffer.from(payloadBase64, 'base64').toString('utf-8');
+    const expectedSignature = createHmac('sha256', SECRET_KEY).update(payload).digest('hex');
+    if (signature !== expectedSignature) return null;
+    try {
+        return JSON.parse(payload) as SessionUser;
+    } catch {
+        return null;
+    }
+}

package/apps/agents-server/tailwind.config.ts CHANGED Viewed

@@ -15,6 +15,8 @@ const config: Config = {
             colors: {
                 background: 'var(--background)',
                 foreground: 'var(--foreground)',
+                'promptbook-blue': '#7aebff',
+                'promptbook-blue-dark': '#30a8bd',
             },
         },
     },