@promptbook/cli 0.103.0-52 → 0.103.0-54

package/apps/agents-server/src/middleware.ts

@@ -75,114 +75,215 @@ export async function middleware(req: NextRequest) {
     const allowedIps =
         allowedIpsMetadata !== null && allowedIpsMetadata !== undefined ? allowedIpsMetadata : allowedIpsEnv;
 
-    if (isIpAllowed(ip, allowedIps)) {
-        // Handle OPTIONS (preflight) requests before any redirects
-        // to avoid CORS issues ("Redirect is not allowed for a preflight request")
-        if (req.method === 'OPTIONS') {
-            return new NextResponse(null, {
-                status: 200,
-                headers: {
-                    'Access-Control-Allow-Origin': '*',
-                    'Access-Control-Allow-Methods': 'GET, POST, OPTIONS',
-                    'Access-Control-Allow-Headers': 'Content-Type',
-                },
-            });
-        }
+    let isValidToken = false;
+    const authHeader = req.headers.get('authorization');
 
-        // 3. Redirect /:agentName/* to /agents/:agentName/*
-        //    This enables accessing agents from the root path
-        const pathParts = req.nextUrl.pathname.split('/');
-        const potentialAgentName = pathParts[1];
-
-        if (
-            potentialAgentName &&
-            !['agents', 'api', 'admin', 'embed', '_next', 'favicon.ico'].includes(potentialAgentName) &&
-            !potentialAgentName.startsWith('.') &&
-            // Note: Other static files are excluded by the matcher configuration below
-            true
-        ) {
-            const url = req.nextUrl.clone();
-            url.pathname = `/agents${req.nextUrl.pathname}`;
-            const response = NextResponse.redirect(url);
-
-            // Enable CORS for the redirect
-            response.headers.set('Access-Control-Allow-Origin', '*');
-            response.headers.set('Access-Control-Allow-Methods', 'GET, POST, OPTIONS');
-            response.headers.set('Access-Control-Allow-Headers', 'Content-Type');
+    if (authHeader && authHeader.startsWith('Bearer ')) {
+        const token = authHeader.split(' ')[1];
 
-            return response;
-        }
+        if (token.startsWith('ptbk_')) {
+            const host = req.headers.get('host');
+            let tablePrefix = SUPABASE_TABLE_PREFIX;
 
-        // 4. Custom Domain Routing
-        //    If the host is not one of the configured SERVERS, try to find an agent with a matching META LINK
+            if (host && SERVERS && SERVERS.length > 0) {
+                if (SERVERS.some((server) => server === host)) {
+                    let serverName = host;
+                    serverName = serverName.replace(/\.ptbk\.io$/, '');
+                    serverName = normalizeTo_PascalCase(serverName);
+                    tablePrefix = `server_${serverName}_`;
+                }
+            }
 
-        if (host && SERVERS && !SERVERS.some((server) => server === host)) {
             const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL;
             const supabaseKey = process.env.SUPABASE_SERVICE_ROLE_KEY || process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY;
 
             if (supabaseUrl && supabaseKey) {
-                const supabase = createClient(supabaseUrl, supabaseKey, {
-                    auth: {
-                        persistSession: false,
-                        autoRefreshToken: false,
-                    },
-                });
+                try {
+                    const supabase = createClient(supabaseUrl, supabaseKey, {
+                        auth: {
+                            persistSession: false,
+                            autoRefreshToken: false,
+                        },
+                    });
+
+                    const { data } = await supabase
+                        .from(`${tablePrefix}ApiTokens`)
+                        .select('id')
+                        .eq('token', token)
+                        .eq('isRevoked', false)
+                        .single();
+
+                    if (data) {
+                        isValidToken = true;
+                    }
+                } catch (error) {
+                    console.error('Error validating token in middleware:', error);
+                }
+            }
+        }
+    }
 
-                // Determine prefixes to check
-                // We check all configured servers because the custom domain could point to any of them
-                // (or if they share the database, we need to check the relevant tables)
-                const serversToCheck = SERVERS;
+    const isIpAllowedResult = isIpAllowed(ip, allowedIps);
+    const isLoggedIn = req.cookies.has('sessionToken');
+    const isAccessRestricted = !isIpAllowedResult && !isLoggedIn && !isValidToken;
+
+    // Handle OPTIONS (preflight) requests globally
+    if (req.method === 'OPTIONS') {
+        return new NextResponse(null, {
+            status: 200,
+            headers: {
+                'Access-Control-Allow-Origin': '*',
+                'Access-Control-Allow-Methods': 'GET, POST, OPTIONS',
+                'Access-Control-Allow-Headers': 'Content-Type',
+            },
+        });
+    }
 
-                // TODO: [🧠] If there are many servers, this loop might be slow. Optimize if needed.
-                for (const serverHost of serversToCheck) {
-                    let serverName = serverHost;
-                    serverName = serverName.replace(/\.ptbk\.io$/, '');
-                    serverName = normalizeTo_PascalCase(serverName);
-                    const prefix = `server_${serverName}_`;
-
-                    // Search for agent with matching META LINK
-                    // agentProfile->links is an array of strings
-                    // We check if it contains the host, or https://host, or http://host
-
-                    const searchLinks = [host, `https://${host}`, `http://${host}`];
-
-                    // Construct OR filter: agentProfile.cs.{"links":["link1"]},agentProfile.cs.{"links":["link2"]},...
-                    const orFilter = searchLinks.map((link) => `agentProfile.cs.{"links":["${link}"]}`).join(',');
-
-                    try {
-                        const { data } = await supabase
-                            .from(`${prefix}Agent`)
-                            .select('agentName')
-                            .or(orFilter)
-                            .limit(1)
-                            .single();
-
-                        if (data && data.agentName) {
-                            // Found the agent!
-                            const url = req.nextUrl.clone();
-                            url.pathname = `/${data.agentName}`;
-
-                            // Pass the server context to the app via header
-                            const requestHeaders = new Headers(req.headers);
-                            requestHeaders.set('x-promptbook-server', serverHost);
-
-                            return NextResponse.rewrite(url, {
-                                request: {
-                                    headers: requestHeaders,
-                                },
-                            });
-                        }
-                    } catch (error) {
-                        // Ignore error (e.g. table not found, or agent not found) and continue to next server
-                        // console.error(`Error checking server ${serverHost} for custom domain ${host}:`, error);
+    if (isAccessRestricted) {
+        const path = req.nextUrl.pathname;
+
+        // Allow specific paths for restricted users
+        // - /: Homepage / Agent List
+        // - /agents: Agent List
+        // - /api/agents: Agent List API
+        // - /api/federated-agents: Federated Agent List API
+        // - /api/auth/*: Auth endpoints
+        // - /restricted: Restricted Access Page
+        // - /docs: Documentation
+        // - /manifest.webmanifest: Manifest
+        // - /sw.js: Service Worker
+        const isAllowedPath =
+            path === '/' ||
+            path === '/agents' ||
+            path.startsWith('/api/agents') ||
+            path.startsWith('/api/federated-agents') ||
+            path.startsWith('/api/auth') ||
+            path === '/restricted' ||
+            path.startsWith('/docs') ||
+            path === '/manifest.webmanifest' ||
+            path === '/sw.js';
+
+        if (isAllowedPath) {
+            return NextResponse.next();
+        }
+
+        // Block access to other paths (e.g. Chat)
+        if (req.headers.get('accept')?.includes('text/html')) {
+            const url = req.nextUrl.clone();
+            url.pathname = '/restricted';
+            return NextResponse.rewrite(url);
+        }
+        return new NextResponse('Forbidden', { status: 403 });
+    }
+
+    // If we are here, the user is allowed (either by IP or session)
+    // Proceed with normal logic
+
+    // 3. Redirect /:agentName/* to /agents/:agentName/*
+    //    This enables accessing agents from the root path
+    const pathParts = req.nextUrl.pathname.split('/');
+    const potentialAgentName = pathParts[1];
+
+    if (
+        potentialAgentName &&
+        ![
+            'agents',
+            'api',
+            'admin',
+            'docs',
+            'manifest.webmanifest',
+            'sw.js',
+            'test',
+            'embed',
+            '_next',
+            'favicon.ico',
+        ].includes(potentialAgentName) &&
+        !potentialAgentName.startsWith('.') &&
+        // Note: Other static files are excluded by the matcher configuration below
+        true
+    ) {
+        const url = req.nextUrl.clone();
+        url.pathname = `/agents${req.nextUrl.pathname}`;
+        const response = NextResponse.redirect(url);
+
+        // Enable CORS for the redirect
+        response.headers.set('Access-Control-Allow-Origin', '*');
+        response.headers.set('Access-Control-Allow-Methods', 'GET, POST, OPTIONS');
+        response.headers.set('Access-Control-Allow-Headers', 'Content-Type');
+
+        return response;
+    }
+
+    // 4. Custom Domain Routing
+    //    If the host is not one of the configured SERVERS, try to find an agent with a matching META LINK
+
+    if (host && SERVERS && !SERVERS.some((server) => server === host)) {
+        const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL;
+        const supabaseKey = process.env.SUPABASE_SERVICE_ROLE_KEY || process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY;
+
+        if (supabaseUrl && supabaseKey) {
+            const supabase = createClient(supabaseUrl, supabaseKey, {
+                auth: {
+                    persistSession: false,
+                    autoRefreshToken: false,
+                },
+            });
+
+            // Determine prefixes to check
+            // We check all configured servers because the custom domain could point to any of them
+            // (or if they share the database, we need to check the relevant tables)
+            const serversToCheck = SERVERS;
+
+            // TODO: [🧠] If there are many servers, this loop might be slow. Optimize if needed.
+            for (const serverHost of serversToCheck) {
+                let serverName = serverHost;
+                serverName = serverName.replace(/\.ptbk\.io$/, '');
+                serverName = normalizeTo_PascalCase(serverName);
+                const prefix = `server_${serverName}_`;
+
+                // Search for agent with matching META LINK
+                // agentProfile->links is an array of strings
+                // We check if it contains the host, or https://host, or http://host
+
+                const searchLinks = [host, `https://${host}`, `http://${host}`];
+
+                // Construct OR filter: agentProfile.cs.{"links":["link1"]},agentProfile.cs.{"links":["link2"]},...
+                const orFilter = searchLinks.map((link) => `agentProfile.cs.{"links":["${link}"]}`).join(',');
+
+                try {
+                    const { data } = await supabase
+                        .from(`${prefix}Agent`)
+                        .select('agentName')
+                        .or(orFilter)
+                        .limit(1)
+                        .single();
+
+                    if (data && data.agentName) {
+                        // Found the agent!
+                        const url = req.nextUrl.clone();
+                        url.pathname = `/${data.agentName}`;
+
+                        // Pass the server context to the app via header
+                        const requestHeaders = new Headers(req.headers);
+                        requestHeaders.set('x-promptbook-server', serverHost);
+
+                        return NextResponse.rewrite(url, {
+                            request: {
+                                headers: requestHeaders,
+                            },
+                        });
                     }
+                } catch (error) {
+                    // Ignore error (e.g. table not found, or agent not found) and continue to next server
+                    // console.error(`Error checking server ${serverHost} for custom domain ${host}:`, error);
                 }
             }
         }
-
-        return NextResponse.next();
     }
 
+    return NextResponse.next();
+
+    // This part should be unreachable due to logic above, but keeping as fallback
     return new NextResponse('Forbidden', { status: 403 });
 }
 

package/apps/agents-server/src/tools/$provideCdnForServer.ts

@@ -1,4 +1,4 @@
-import { DigitalOceanSpaces } from '../utils/cdn/classes/DigitalOceanSpaces';
+import { VercelBlobStorage } from '../utils/cdn/classes/VercelBlobStorage';
 import { IIFilesStorageWithCdn } from '../utils/cdn/interfaces/IFilesStorage';
 
 /**
@@ -13,14 +13,10 @@ let cdn: IIFilesStorageWithCdn | null = null;
  */
 export function $provideCdnForServer(): IIFilesStorageWithCdn {
     if (!cdn) {
-        cdn = new DigitalOceanSpaces({
-            bucket: process.env.CDN_BUCKET!,
+        cdn = new VercelBlobStorage({
+            token: process.env.BLOB_READ_WRITE_TOKEN!,
             pathPrefix: process.env.NEXT_PUBLIC_CDN_PATH_PREFIX!,
-            endpoint: process.env.CDN_ENDPOINT!,
-            accessKeyId: process.env.CDN_ACCESS_KEY_ID!,
-            secretAccessKey: process.env.CDN_SECRET_ACCESS_KEY!,
             cdnPublicUrl: new URL(process.env.NEXT_PUBLIC_CDN_PUBLIC_URL!),
-            gzip: true,
         });
     }
 

package/apps/agents-server/src/tools/$provideExecutionToolsForServer.ts

@@ -1,6 +1,7 @@
 'use server';
 
 import {
+    cacheLlmTools,
     _AnthropicClaudeMetadataRegistration,
     _AzureOpenAiMetadataRegistration,
     _BoilerplateScraperMetadataRegistration,
@@ -26,6 +27,7 @@ import { $provideFilesystemForNode } from '../../../../src/scrapers/_common/regi
 import { $provideScrapersForNode } from '../../../../src/scrapers/_common/register/$provideScrapersForNode';
 import { $provideScriptingForNode } from '../../../../src/scrapers/_common/register/$provideScriptingForNode';
 import { $sideEffect } from '../../../../src/utils/organization/$sideEffect';
+import { SupabaseCacheStorage } from '../utils/cache/SupabaseCacheStorage';
 
 $sideEffect(
     _AnthropicClaudeMetadataRegistration,
@@ -90,10 +92,17 @@ export async function $provideExecutionToolsForServer(): Promise<ExecutionTools>
         isCacheReloaded,
     }; /* <- TODO: ` satisfies PrepareAndScrapeOptions` */
     const fs = await $provideFilesystemForNode(prepareAndScrapeOptions);
-    const { /* [0] strategy,*/ llm } = await $provideLlmToolsForCli({
+    const { /* [0] strategy,*/ llm: llmUncached } = await $provideLlmToolsForCli({
         cliOptions,
         ...prepareAndScrapeOptions,
     });
+
+    const llm = cacheLlmTools(llmUncached, {
+        storage: new SupabaseCacheStorage(),
+        isVerbose,
+        isCacheReloaded,
+    });
+
     const executables = await $provideExecutablesForNode(prepareAndScrapeOptions);
 
     executionTools = {

package/apps/agents-server/src/tools/$provideServer.ts

@@ -1,11 +1,11 @@
-import { NEXT_PUBLIC_URL, SERVERS, SUPABASE_TABLE_PREFIX } from '@/config';
+import { NEXT_PUBLIC_SITE_URL, SERVERS, SUPABASE_TABLE_PREFIX } from '@/config';
 import { normalizeTo_PascalCase } from '@promptbook-local/utils';
 import { headers } from 'next/headers';
 
 export async function $provideServer() {
     if (!SERVERS) {
         return {
-            publicUrl: NEXT_PUBLIC_URL || new URL(`https://${(await headers()).get('host') || 'localhost:4440'}`),
+            publicUrl: NEXT_PUBLIC_SITE_URL || new URL(`https://${(await headers()).get('host') || 'localhost:4440'}`),
             tablePrefix: SUPABASE_TABLE_PREFIX,
         };
     }

package/apps/agents-server/src/utils/authenticateUser.ts

@@ -0,0 +1,42 @@
+import { $getTableName } from '../database/$getTableName';
+import { $provideSupabaseForServer } from '../database/$provideSupabaseForServer';
+import { AgentsServerDatabase } from '../database/schema';
+import { verifyPassword } from './auth';
+
+export type AuthenticatedUser = {
+    username: string;
+    isAdmin: boolean;
+};
+
+export async function authenticateUser(username: string, password: string): Promise<AuthenticatedUser | null> {
+    // 1. Check if it's the environment admin
+    if (username === 'admin' && process.env.ADMIN_PASSWORD && password === process.env.ADMIN_PASSWORD) {
+        return { username: 'admin', isAdmin: true };
+    }
+
+    // 2. Check DB users
+    try {
+        const supabase = $provideSupabaseForServer();
+        const { data: user, error } = await supabase
+            .from(await $getTableName('User'))
+            .select('*')
+            .eq('username', username)
+            .single();
+
+        if (error || !user) {
+            return null;
+        }
+
+        const userRow = user as AgentsServerDatabase['public']['Tables']['User']['Row'];
+        const isValid = await verifyPassword(password, userRow.passwordHash);
+
+        if (!isValid) {
+            return null;
+        }
+
+        return { username: userRow.username, isAdmin: userRow.isAdmin };
+    } catch (error) {
+        console.error('Authentication error:', error);
+        return null;
+    }
+}

package/apps/agents-server/src/utils/cache/SupabaseCacheStorage.ts

@@ -0,0 +1,55 @@
+import { TODO_any } from '@promptbook-local/types';
+import { $getTableName } from '../../database/$getTableName';
+import { $provideSupabaseForServer } from '../../database/$provideSupabaseForServer';
+import { Json } from '../../database/schema';
+
+/**
+ * Storage for LLM cache using Supabase
+ */
+export class SupabaseCacheStorage {
+    // implements PromptbookStorage<TODO_any>
+
+    /**
+     * Returns the current value associated with the given key, or null if the given key does not exist in the list associated with the object.
+     */
+    public async getItem(key: string): Promise<TODO_any | null> {
+        const supabase = $provideSupabaseForServer();
+        const tableName = await $getTableName('LlmCache');
+
+        const { data } = await supabase.from(tableName).select('value').eq('hash', key).maybeSingle();
+
+        if (!data) {
+            return null;
+        }
+
+        return data.value;
+    }
+
+    /**
+     * Sets the value of the pair identified by key to value, creating a new key/value pair if none existed for key previously.
+     */
+    public async setItem(key: string, value: TODO_any): Promise<void> {
+        const supabase = $provideSupabaseForServer();
+        const tableName = await $getTableName('LlmCache');
+
+        await supabase.from(tableName).upsert(
+            {
+                hash: key,
+                value: value as Json,
+            },
+            {
+                onConflict: 'hash',
+            },
+        );
+    }
+
+    /**
+     * Removes the key/value pair with the given key from the list associated with the object, if a key/value pair with the given key exists
+     */
+    public async removeItem(key: string): Promise<void> {
+        const supabase = $provideSupabaseForServer();
+        const tableName = await $getTableName('LlmCache');
+
+        await supabase.from(tableName).delete().eq('hash', key);
+    }
+}

package/apps/agents-server/src/utils/cdn/classes/VercelBlobStorage.ts

@@ -0,0 +1,63 @@
+import { del, put } from '@vercel/blob';
+import { validateMimeType } from '../../validators/validateMimeType';
+import type { IFile, IIFilesStorageWithCdn } from '../interfaces/IFilesStorage';
+
+type IVercelBlobStorageConfig = {
+    readonly token: string;
+    readonly cdnPublicUrl: URL;
+    readonly pathPrefix?: string;
+    // Note: Vercel Blob automatically handles compression/serving
+};
+
+export class VercelBlobStorage implements IIFilesStorageWithCdn {
+    public get cdnPublicUrl() {
+        return this.config.cdnPublicUrl;
+    }
+
+    public constructor(private readonly config: IVercelBlobStorageConfig) {}
+
+    public getItemUrl(key: string): URL {
+        const path = this.config.pathPrefix ? `${this.config.pathPrefix}/${key}` : key;
+        return new URL(path, this.cdnPublicUrl);
+    }
+
+    public async getItem(key: string): Promise<IFile | null> {
+        const url = this.getItemUrl(key);
+
+        const response = await fetch(url);
+
+        if (response.status === 404) {
+            return null;
+        }
+
+        if (!response.ok) {
+            throw new Error(`Failed to fetch blob from ${url}: ${response.statusText}`);
+        }
+
+        const arrayBuffer = await response.arrayBuffer();
+        const buffer = Buffer.from(arrayBuffer);
+        const contentType = response.headers.get('content-type') || 'application/octet-stream';
+
+        return {
+            type: validateMimeType(contentType),
+            data: buffer,
+        };
+    }
+
+    public async removeItem(key: string): Promise<void> {
+        const url = this.getItemUrl(key).toString();
+        await del(url, { token: this.config.token });
+    }
+
+    public async setItem(key: string, file: IFile): Promise<void> {
+        const path = this.config.pathPrefix ? `${this.config.pathPrefix}/${key}` : key;
+        
+        await put(path, file.data, {
+            access: 'public',
+            addRandomSuffix: false,
+            contentType: file.type,
+            token: this.config.token,
+            // Note: We rely on Vercel Blob for compression
+        });
+    }
+}

package/apps/agents-server/src/utils/chatFeedbackAdmin.ts

@@ -0,0 +1,96 @@
+import type { AgentsServerDatabase } from '../database/schema';
+
+export type ChatFeedbackRow = AgentsServerDatabase['public']['Tables']['ChatFeedback']['Row'];
+export type ChatFeedbackSortField = 'createdAt' | 'agentName' | 'id';
+export type ChatFeedbackSortOrder = 'asc' | 'desc';
+
+export type ChatFeedbackListResponse = {
+    items: ChatFeedbackRow[];
+    total: number;
+    page: number;
+    pageSize: number;
+    sortBy: ChatFeedbackSortField;
+    sortOrder: ChatFeedbackSortOrder;
+};
+
+export type ChatFeedbackListParams = {
+    page?: number;
+    pageSize?: number;
+    agentName?: string;
+    search?: string;
+    sortBy?: ChatFeedbackSortField;
+    sortOrder?: ChatFeedbackSortOrder;
+};
+
+/**
+ * Build query string for chat feedback listing.
+ *
+ * Kept in a dedicated helper so it can be shared between the
+ * admin feedback page and other admin UIs (per-agent tools, etc.).
+ */
+function buildQuery(params: ChatFeedbackListParams): string {
+    const searchParams = new URLSearchParams();
+
+    if (params.page && params.page > 0) searchParams.set('page', String(params.page));
+    if (params.pageSize && params.pageSize > 0) searchParams.set('pageSize', String(params.pageSize));
+    if (params.agentName) searchParams.set('agentName', params.agentName);
+    if (params.search) searchParams.set('search', params.search);
+    if (params.sortBy) searchParams.set('sortBy', params.sortBy);
+    if (params.sortOrder) searchParams.set('sortOrder', params.sortOrder);
+
+    const qs = searchParams.toString();
+    return qs ? `?${qs}` : '';
+}
+
+/**
+ * Fetch chat feedback from the admin API.
+ */
+export async function $fetchChatFeedback(params: ChatFeedbackListParams = {}): Promise<ChatFeedbackListResponse> {
+    const qs = buildQuery(params);
+    const response = await fetch(`/api/chat-feedback${qs}`, {
+        method: 'GET',
+    });
+
+    if (!response.ok) {
+        const data = await response.json().catch(() => ({}));
+        throw new Error(data.error || 'Failed to load chat feedback');
+    }
+
+    return (await response.json()) as ChatFeedbackListResponse;
+}
+
+/**
+ * Clear chat feedback for a specific agent.
+ */
+export async function $clearAgentChatFeedback(agentName: string): Promise<void> {
+    if (!agentName) {
+        throw new Error('agentName is required to clear chat feedback');
+    }
+
+    const response = await fetch(`/api/chat-feedback?agentName=${encodeURIComponent(agentName)}`, {
+        method: 'DELETE',
+    });
+
+    if (!response.ok) {
+        const data = await response.json().catch(() => ({}));
+        throw new Error(data.error || 'Failed to clear chat feedback');
+    }
+}
+
+/**
+ * Delete a single chat feedback row by ID.
+ */
+export async function $deleteChatFeedbackRow(id: number): Promise<void> {
+    if (!id || id <= 0) {
+        throw new Error('Valid id is required to delete chat feedback row');
+    }
+
+    const response = await fetch(`/api/chat-feedback/${encodeURIComponent(String(id))}`, {
+        method: 'DELETE',
+    });
+
+    if (!response.ok) {
+        const data = await response.json().catch(() => ({}));
+        throw new Error(data.error || 'Failed to delete chat feedback row');
+    }
+}