@promptbook/cli 0.112.0-101 → 0.112.0-102

package/apps/agents-server/src/app/agents/[agentName]/chat/AgentChatPageLayout.tsx

@@ -24,11 +24,11 @@ export function AgentChatPageLayout({
     children,
 }: AgentChatPageLayoutProps) {
     if (isHeadlessMode) {
-        return <div className="flex h-full min-h-0 w-full overflow-hidden bg-slate-50/80">{children}</div>;
+        return <div className="flex h-full min-h-0 w-full overflow-hidden bg-slate-50/80 dark:bg-slate-950">{children}</div>;
     }
 
     return (
-        <div className="flex h-full min-h-0 w-full overflow-hidden bg-slate-50/80">
+        <div className="flex h-full min-h-0 w-full overflow-hidden bg-slate-50/80 dark:bg-slate-950">
             {sidebar}
             <section className="flex min-h-0 min-w-0 flex-1 flex-col overflow-hidden">{children}</section>
         </div>

package/apps/agents-server/src/app/agents/[agentName]/chat/AgentChatSidebarDefault.tsx

@@ -183,7 +183,7 @@ function AgentChatSidebarDefaultCollapsedRow({
             onClick={() => onChatSelect(item.id)}
             className={`group relative flex w-full min-w-0 flex-col items-center gap-1 rounded-2xl border px-1.5 py-2 transition focus-visible:outline focus-visible:outline-blue-400 focus-visible:outline-offset-2 ${
                 item.isActive
-                    ? 'border-blue-300 bg-blue-50 text-blue-700 shadow-sm dark:border-blue-500/40 dark:bg-blue-500/12 dark:text-blue-100'
+                    ? 'agent-chat-sidebar-item-active border-blue-300 bg-blue-50 text-blue-700 shadow-sm dark:border-blue-500/40 dark:bg-blue-500/12 dark:text-blue-100'
                     : 'border-transparent bg-slate-100/80 text-slate-700 hover:border-slate-300 hover:bg-slate-100 dark:bg-slate-900/88 dark:text-slate-300 dark:hover:border-slate-700 dark:hover:bg-slate-900'
             } ${item.isEmpty && !item.isActive ? 'opacity-40' : ''}`}
             aria-label={item.content.accessibilityLabel}
@@ -206,14 +206,16 @@ function AgentChatSidebarDefaultCollapsedRow({
                 {item.content.messagesCount}
             </span>
             <div
-                className={`aspect-square w-full overflow-hidden rounded-xl border px-1.5 py-1.5 text-left ${
+                className={`agent-chat-sidebar-item-preview-card aspect-square w-full overflow-hidden rounded-xl border px-1.5 py-1.5 text-left ${
                     item.isActive
                         ? 'border-blue-300 bg-white/90 text-blue-700 dark:border-blue-500/40 dark:bg-slate-950/82 dark:text-blue-100'
                         : 'border-slate-200 bg-white/90 text-slate-600 dark:border-slate-700 dark:bg-slate-950/78 dark:text-slate-300'
                 }`}
             >
-                <div className="max-w-full truncate text-[10px] font-semibold leading-none">{item.content.title}</div>
-                <div className="mt-1 max-w-full truncate text-[9px] leading-tight text-slate-500 dark:text-slate-400">
+                <div className="agent-chat-sidebar-item-title max-w-full truncate text-[10px] font-semibold leading-none">
+                    {item.content.title}
+                </div>
+                <div className="agent-chat-sidebar-item-preview mt-1 max-w-full truncate text-[9px] leading-tight text-slate-500 dark:text-slate-400">
                     {item.content.preview}
                 </div>
             </div>
@@ -241,7 +243,7 @@ function AgentChatSidebarDefaultExpandedRow({
         <div
             className={`group relative rounded-xl border ${
                 item.isActive
-                    ? 'border-blue-300 bg-blue-50 shadow-sm dark:border-blue-500/40 dark:bg-blue-500/12'
+                    ? 'agent-chat-sidebar-item-active border-blue-300 bg-blue-50 shadow-sm dark:border-blue-500/40 dark:bg-blue-500/12'
                     : 'border-transparent hover:border-slate-200 hover:bg-slate-100/80 dark:hover:border-slate-700 dark:hover:bg-slate-900/88'
             } ${item.isEmpty && !item.isActive ? 'opacity-40' : ''}`}
         >
@@ -256,7 +258,7 @@ function AgentChatSidebarDefaultExpandedRow({
                 title={item.content.accessibilityLabel}
             >
                 <div className="flex items-center gap-2">
-                    <div className="min-w-0 flex-1 truncate text-sm font-medium text-slate-800 dark:text-slate-100">
+                    <div className="agent-chat-sidebar-item-title min-w-0 flex-1 truncate text-sm font-medium text-slate-800 dark:text-slate-100">
                         {item.content.title}
                     </div>
                     {item.content.sourceChipLabel && (
@@ -265,7 +267,9 @@ function AgentChatSidebarDefaultExpandedRow({
                         </span>
                     )}
                 </div>
-                <div className="mt-1 truncate text-xs text-slate-500 dark:text-slate-400">{item.content.preview}</div>
+                <div className="agent-chat-sidebar-item-preview mt-1 truncate text-xs text-slate-500 dark:text-slate-400">
+                    {item.content.preview}
+                </div>
                 <div className="mt-2 flex items-center justify-between gap-2">
                     <div className={`truncate text-[11px] ${statusClassName}`}>
                         {item.content.activityIndicator.compactLabel || item.content.lastActivity}

package/apps/agents-server/src/app/api/admin/cli-access/route.ts

@@ -1,6 +1,4 @@
-import { NextResponse } from 'next/server';
-import { isUserGlobalAdmin } from '@/src/utils/isUserGlobalAdmin';
-import { createInteractiveTerminalEventStream } from '@/src/utils/createInteractiveTerminalEventStream';
+import { createAdminTerminalRouteHandlers } from '@/src/utils/createAdminTerminalRouteHandlers';
 import {
     getLatestServerCliAccessSession,
     getServerCliAccessSession,
@@ -14,124 +12,30 @@ export const runtime = 'nodejs';
 export const dynamic = 'force-dynamic';
 
 /**
- * Loads the latest CLI access session or streams a specific terminal session.
+ * Shared route handlers for the raw server shell terminal.
  */
-export async function GET(request: Request) {
-    if (!(await isUserGlobalAdmin())) {
-        return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
-    }
-
-    try {
-        const { searchParams } = new URL(request.url);
-        const sessionId = searchParams.get('sessionId')?.trim() || '';
-        const isStreamRequested = searchParams.get('stream') === '1';
-
-        if (isStreamRequested) {
-            if (!sessionId) {
-                return NextResponse.json({ error: 'CLI access session id is required.' }, { status: 400 });
-            }
-
-            const session = getServerCliAccessSession(sessionId);
-            if (!session) {
-                return NextResponse.json({ error: 'CLI access session was not found.' }, { status: 404 });
-            }
-
-            return createInteractiveTerminalEventStream(
-                request,
-                sessionId,
-                session,
-                subscribeToServerCliAccessSession,
-            );
-        }
-
-        return NextResponse.json({
-            session: getLatestServerCliAccessSession(),
-        });
-    } catch (error) {
-        return NextResponse.json(
-            { error: error instanceof Error ? error.message : 'Failed to load the CLI access session.' },
-            { status: 500 },
-        );
-    }
-}
-
-/**
- * Starts or reconnects to the raw server shell exposed in the browser.
- */
-export async function POST() {
-    if (!(await isUserGlobalAdmin())) {
-        return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
-    }
-
-    try {
-        return NextResponse.json({
-            session: await startServerCliAccessSession(),
-        });
-    } catch (error) {
-        return NextResponse.json(
-            { error: error instanceof Error ? error.message : 'Failed to start the CLI access session.' },
-            { status: 500 },
-        );
-    }
-}
-
-/**
- * Sends raw input to the running CLI access shell.
- */
-export async function PATCH(request: Request) {
-    if (!(await isUserGlobalAdmin())) {
-        return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
-    }
-
-    try {
-        const body = (await request.json().catch(() => null)) as
-            | {
-                  readonly sessionId?: string;
-                  readonly input?: string;
-              }
-            | null;
-
-        if (!body?.sessionId || typeof body.input !== 'string') {
-            return NextResponse.json({ error: 'CLI access session input is required.' }, { status: 400 });
-        }
-
-        return NextResponse.json({
-            session: writeServerCliAccessSessionInput(body.sessionId, body.input),
-        });
-    } catch (error) {
-        return NextResponse.json(
-            { error: error instanceof Error ? error.message : 'Failed to send CLI access input.' },
-            { status: 500 },
-        );
-    }
-}
-
-/**
- * Stops one running CLI access shell session.
- */
-export async function DELETE(request: Request) {
-    if (!(await isUserGlobalAdmin())) {
-        return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
-    }
-
-    try {
-        const body = (await request.json().catch(() => null)) as
-            | {
-                  readonly sessionId?: string;
-              }
-            | null;
-
-        if (!body?.sessionId) {
-            return NextResponse.json({ error: 'CLI access session id is required.' }, { status: 400 });
-        }
-
-        return NextResponse.json({
-            session: stopServerCliAccessSession(body.sessionId),
-        });
-    } catch (error) {
-        return NextResponse.json(
-            { error: error instanceof Error ? error.message : 'Failed to stop the CLI access session.' },
-            { status: 500 },
-        );
-    }
-}
+const cliAccessTerminalRouteHandlers = createAdminTerminalRouteHandlers(
+    {
+        getLatestSession: getLatestServerCliAccessSession,
+        getSession: getServerCliAccessSession,
+        startSession: startServerCliAccessSession,
+        writeSessionInput: writeServerCliAccessSessionInput,
+        stopSession: stopServerCliAccessSession,
+        subscribeToSession: subscribeToServerCliAccessSession,
+    },
+    {
+        loadErrorMessage: 'Failed to load the CLI access session.',
+        missingStreamSessionIdMessage: 'CLI access session id is required.',
+        sessionNotFoundMessage: 'CLI access session was not found.',
+        startErrorMessage: 'Failed to start the CLI access session.',
+        missingInputMessage: 'CLI access session input is required.',
+        sendErrorMessage: 'Failed to send CLI access input.',
+        missingStopSessionIdMessage: 'CLI access session id is required.',
+        stopErrorMessage: 'Failed to stop the CLI access session.',
+    },
+);
+
+export const GET = cliAccessTerminalRouteHandlers.GET;
+export const POST = cliAccessTerminalRouteHandlers.POST;
+export const PATCH = cliAccessTerminalRouteHandlers.PATCH;
+export const DELETE = cliAccessTerminalRouteHandlers.DELETE;

package/apps/agents-server/src/app/api/admin/code-runners/authentication/route.ts

@@ -1,6 +1,3 @@
-import { NextResponse } from 'next/server';
-import { isUserGlobalAdmin } from '@/src/utils/isUserGlobalAdmin';
-import { createInteractiveTerminalEventStream } from '@/src/utils/createInteractiveTerminalEventStream';
 import {
     getCodeRunnerAuthenticationSession,
     getLatestCodeRunnerAuthenticationSession,
@@ -9,132 +6,43 @@ import {
     subscribeToCodeRunnerAuthenticationSession,
     writeCodeRunnerAuthenticationSessionInput,
 } from '@/src/utils/codeRunnerAuthentication';
+import { createAdminTerminalRouteHandlers } from '@/src/utils/createAdminTerminalRouteHandlers';
 import { readConfiguredCodeRunner } from '@/src/utils/codeRunnerConfiguration';
 
 export const runtime = 'nodejs';
 export const dynamic = 'force-dynamic';
 
 /**
- * Loads the latest authentication session for the saved runner or streams a specific session.
+ * Shared route handlers for the code-runner authentication terminal.
  */
-export async function GET(request: Request) {
-    if (!(await isUserGlobalAdmin())) {
-        return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
-    }
-
-    try {
-        const { searchParams } = new URL(request.url);
-        const sessionId = searchParams.get('sessionId')?.trim() || '';
-        const isStreamRequested = searchParams.get('stream') === '1';
-
-        if (isStreamRequested) {
-            if (!sessionId) {
-                return NextResponse.json({ error: 'Authentication session id is required.' }, { status: 400 });
-            }
-
-            const session = getCodeRunnerAuthenticationSession(sessionId);
-            if (!session) {
-                return NextResponse.json({ error: 'Authentication session was not found.' }, { status: 404 });
-            }
-
-            return createInteractiveTerminalEventStream(
-                request,
-                sessionId,
-                session,
-                subscribeToCodeRunnerAuthenticationSession,
-            );
-        }
-
-        const { agent } = await readConfiguredCodeRunner();
-        return NextResponse.json({
-            session: getLatestCodeRunnerAuthenticationSession(agent),
-        });
-    } catch (error) {
-        return NextResponse.json(
-            { error: error instanceof Error ? error.message : 'Failed to load the authentication session.' },
-            { status: 500 },
-        );
-    }
-}
-
-/**
- * Starts a new browser-driven authentication terminal for the saved runner.
- */
-export async function POST() {
-    if (!(await isUserGlobalAdmin())) {
-        return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
-    }
-
-    try {
-        const { agent } = await readConfiguredCodeRunner();
-        return NextResponse.json({
-            session: await startCodeRunnerAuthenticationSession(agent),
-        });
-    } catch (error) {
-        return NextResponse.json(
-            { error: error instanceof Error ? error.message : 'Failed to start the authentication session.' },
-            { status: 500 },
-        );
-    }
-}
-
-/**
- * Sends terminal input to a running authentication session.
- */
-export async function PATCH(request: Request) {
-    if (!(await isUserGlobalAdmin())) {
-        return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
-    }
-
-    try {
-        const body = (await request.json().catch(() => null)) as
-            | {
-                  readonly sessionId?: string;
-                  readonly input?: string;
-              }
-            | null;
-
-        if (!body?.sessionId || typeof body.input !== 'string') {
-            return NextResponse.json({ error: 'Authentication session input is required.' }, { status: 400 });
-        }
-
-        return NextResponse.json({
-            session: writeCodeRunnerAuthenticationSessionInput(body.sessionId, body.input),
-        });
-    } catch (error) {
-        return NextResponse.json(
-            { error: error instanceof Error ? error.message : 'Failed to send authentication input.' },
-            { status: 500 },
-        );
-    }
-}
-
-/**
- * Stops one authentication terminal from the admin UI.
- */
-export async function DELETE(request: Request) {
-    if (!(await isUserGlobalAdmin())) {
-        return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
-    }
-
-    try {
-        const body = (await request.json().catch(() => null)) as
-            | {
-                  readonly sessionId?: string;
-              }
-            | null;
-
-        if (!body?.sessionId) {
-            return NextResponse.json({ error: 'Authentication session id is required.' }, { status: 400 });
-        }
-
-        return NextResponse.json({
-            session: stopCodeRunnerAuthenticationSession(body.sessionId),
-        });
-    } catch (error) {
-        return NextResponse.json(
-            { error: error instanceof Error ? error.message : 'Failed to stop the authentication session.' },
-            { status: 500 },
-        );
-    }
-}
+const authenticationTerminalRouteHandlers = createAdminTerminalRouteHandlers(
+    {
+        async getLatestSession() {
+            const { agent } = await readConfiguredCodeRunner();
+            return getLatestCodeRunnerAuthenticationSession(agent);
+        },
+        getSession: getCodeRunnerAuthenticationSession,
+        async startSession() {
+            const { agent } = await readConfiguredCodeRunner();
+            return startCodeRunnerAuthenticationSession(agent);
+        },
+        writeSessionInput: writeCodeRunnerAuthenticationSessionInput,
+        stopSession: stopCodeRunnerAuthenticationSession,
+        subscribeToSession: subscribeToCodeRunnerAuthenticationSession,
+    },
+    {
+        loadErrorMessage: 'Failed to load the authentication session.',
+        missingStreamSessionIdMessage: 'Authentication session id is required.',
+        sessionNotFoundMessage: 'Authentication session was not found.',
+        startErrorMessage: 'Failed to start the authentication session.',
+        missingInputMessage: 'Authentication session input is required.',
+        sendErrorMessage: 'Failed to send authentication input.',
+        missingStopSessionIdMessage: 'Authentication session id is required.',
+        stopErrorMessage: 'Failed to stop the authentication session.',
+    },
+);
+
+export const GET = authenticationTerminalRouteHandlers.GET;
+export const POST = authenticationTerminalRouteHandlers.POST;
+export const PATCH = authenticationTerminalRouteHandlers.PATCH;
+export const DELETE = authenticationTerminalRouteHandlers.DELETE;

package/apps/agents-server/src/app/api/auth/login/route.ts

@@ -1,11 +1,6 @@
 import { authenticateUser } from '../../../../utils/authenticateUser';
 import { setSession } from '../../../../utils/session';
 import { NextResponse } from 'next/server';
-import {
-    AUTHENTICATION_METHODS_METADATA_KEY,
-    isAuthenticationMethodEnabled,
-} from '../../../../constants/authenticationMethods';
-import { getMetadata } from '../../../../database/getMetadata';
 
 /**
  * Handles post.
@@ -19,11 +14,6 @@ export async function POST(request: Request) {
             return NextResponse.json({ error: 'Username and password are required' }, { status: 400 });
         }
 
-        if (!isAuthenticationMethodEnabled(await getMetadata(AUTHENTICATION_METHODS_METADATA_KEY), 'PASSWORD')) {
-            console.info('Password login rejected because PASSWORD authentication is disabled in metadata.');
-            return NextResponse.json({ error: 'Password login is disabled on this server' }, { status: 403 });
-        }
-
         const user = await authenticateUser(username, password);
 
         if (user) {

package/apps/agents-server/src/app/api/auth/shibboleth/acs/route.ts

@@ -1,92 +1,112 @@
-import { NextRequest, NextResponse } from 'next/server';
-import { setSession } from '../../../../../utils/session';
+import { revalidatePath } from 'next/cache';
+import { NextResponse } from 'next/server';
 import {
-    createShibbolethProfileLogDetails,
     createShibbolethSamlClient,
-    loadShibbolethConfiguration,
-    logShibbolethAuthenticationEvent,
-    resolveSafeShibbolethRelayState,
-    resolveShibbolethUser,
-    ShibbolethConfigurationError,
+    findOrCreateShibbolethUser,
+    getShibbolethRequestDetails,
+    recordShibbolethAuthenticationAttempt,
+    resolveShibbolethAuthenticationConfiguration,
+    sanitizeShibbolethRelayState,
 } from '../../../../../utils/shibbolethAuthentication';
-
-/**
- * Forces this route to run in Node.js because node-saml depends on Node crypto/zlib APIs.
- */
-export const runtime = 'nodejs';
+import { setSession } from '../../../../../utils/session';
 
 /**
  * Handles post.
  */
-export async function POST(request: NextRequest) {
-    const configuration = await loadShibbolethConfiguration(request);
-
-    if (!configuration.isEnabled) {
-        logShibbolethAuthenticationEvent('acs_rejected_disabled');
-        return NextResponse.json({ error: 'Shibboleth authentication is not enabled.' }, { status: 404 });
-    }
-
-    if (!configuration.isConfigured) {
-        const error = new ShibbolethConfigurationError(configuration.missingConfiguration);
-        logShibbolethAuthenticationEvent('acs_rejected_incomplete_configuration', {
-            missingConfiguration: configuration.missingConfiguration,
-        });
-        return NextResponse.json({ error: error.message }, { status: 503 });
-    }
+export async function POST(request: Request) {
+    const requestDetails = getShibbolethRequestDetails(request);
+    let relayState = '/';
 
     try {
         const formData = await request.formData();
         const samlResponse = formData.get('SAMLResponse');
-        const relayState = resolveSafeShibbolethRelayState(
-            typeof formData.get('RelayState') === 'string' ? String(formData.get('RelayState')) : null,
-        );
+        relayState = sanitizeShibbolethRelayState(formData.get('RelayState')?.toString());
 
-        if (typeof samlResponse !== 'string' || samlResponse.trim() === '') {
-            logShibbolethAuthenticationEvent('acs_rejected_missing_saml_response');
+        if (typeof samlResponse !== 'string' || !samlResponse) {
+            await recordShibbolethAuthenticationAttempt({
+                stage: 'ASSERTION_CONSUMER_SERVICE',
+                status: 'FAILED',
+                requestDetails,
+                relayState,
+                errorMessage: 'Missing SAMLResponse.',
+            });
             return NextResponse.json({ error: 'Missing SAMLResponse.' }, { status: 400 });
         }
 
-        logShibbolethAuthenticationEvent('acs_response_received', {
-            relayState,
-            responseLength: samlResponse.length,
+        const configuration = await resolveShibbolethAuthenticationConfiguration({
+            requestUrl: request.url,
+            isIdentityProviderMetadataValidationEnabled: true,
         });
 
+        if (!configuration.isActive) {
+            await recordShibbolethAuthenticationAttempt({
+                stage: 'ASSERTION_CONSUMER_SERVICE',
+                status: 'REJECTED',
+                requestDetails,
+                relayState,
+                errorMessage: 'Shibboleth authentication is not active.',
+            });
+            return NextResponse.json({ error: 'Shibboleth authentication is not active.' }, { status: 404 });
+        }
+
+        if (!configuration.isConfigured) {
+            const errorMessage = configuration.errors.join(' ');
+            await recordShibbolethAuthenticationAttempt({
+                stage: 'ASSERTION_CONSUMER_SERVICE',
+                status: 'FAILED',
+                requestDetails,
+                relayState,
+                errorMessage,
+            });
+            return NextResponse.json({ error: errorMessage }, { status: 503 });
+        }
+
         const saml = createShibbolethSamlClient(configuration);
-        const { profile } = await saml.validatePostResponseAsync({
-            SAMLResponse: samlResponse,
-            RelayState: relayState,
-        });
+        const { profile } = await saml.validatePostResponseAsync({ SAMLResponse: samlResponse });
 
         if (!profile) {
-            logShibbolethAuthenticationEvent('acs_rejected_empty_profile');
-            return NextResponse.json({ error: 'Shibboleth did not return a user profile.' }, { status: 401 });
+            await recordShibbolethAuthenticationAttempt({
+                stage: 'ASSERTION_CONSUMER_SERVICE',
+                status: 'FAILED',
+                requestDetails,
+                relayState,
+                errorMessage: 'Shibboleth response did not include a user profile.',
+            });
+            return NextResponse.json({ error: 'Shibboleth response did not include a user profile.' }, { status: 401 });
         }
 
-        logShibbolethAuthenticationEvent(
-            'acs_profile_validated',
-            createShibbolethProfileLogDetails(profile, configuration.usernameAttribute),
-        );
-
-        const user = await resolveShibbolethUser(profile, configuration);
+        const linkedUser = await findOrCreateShibbolethUser(profile);
         await setSession({
-            username: user.username,
-            isAdmin: user.isAdmin,
+            username: linkedUser.user.username,
+            isAdmin: linkedUser.user.isAdmin,
             isGlobalAdmin: false,
         });
+        revalidatePath('/', 'layout');
 
-        logShibbolethAuthenticationEvent('acs_session_created', {
-            username: user.username,
-            isAdmin: user.isAdmin,
-            isNewUser: user.isNewUser,
+        await recordShibbolethAuthenticationAttempt({
+            stage: 'ASSERTION_CONSUMER_SERVICE',
+            status: 'SUCCESS',
+            requestDetails,
             relayState,
+            userId: linkedUser.user.id,
+            email: linkedUser.profileAttributes.email,
+            displayName: linkedUser.profileAttributes.displayName,
+            nameId: linkedUser.profileAttributes.nameId,
+            rawAttributes: linkedUser.profileAttributes.rawAttributes,
         });
 
         return NextResponse.redirect(new URL(relayState, request.url), 303);
     } catch (error) {
-        logShibbolethAuthenticationEvent('acs_failed', {
-            error: error instanceof Error ? error.message : String(error),
+        const errorMessage = error instanceof Error ? error.message : 'Failed to finish Shibboleth authentication.';
+        await recordShibbolethAuthenticationAttempt({
+            stage: 'ASSERTION_CONSUMER_SERVICE',
+            status: 'FAILED',
+            requestDetails,
+            relayState,
+            errorMessage,
         });
 
-        return NextResponse.json({ error: 'Shibboleth authentication failed.' }, { status: 401 });
+        console.error('Shibboleth assertion consumer service error:', error);
+        return NextResponse.json({ error: errorMessage }, { status: 401 });
     }
 }