@promptbook/cli 0.112.0-102 → 0.112.0-104

package/apps/agents-server/src/app/api/upload/route.ts

@@ -1,36 +1,18 @@
-import { $getTableName } from '@/src/database/$getTableName';
-import { $provideSupabase } from '@/src/database/$provideSupabase';
-import { $provideUntrackedCdnForServer } from '@/src/tools/$provideCdnForServer';
-import { getSafeCdnPath } from '@/src/utils/cdn/utils/getSafeCdnPath';
 import { serializeError } from '@promptbook-local/utils';
-import type { PostgrestSingleResponse, SupabaseClient } from '@supabase/supabase-js';
-import { handleUpload, type HandleUploadBody } from '@vercel/blob/client';
 import { NextRequest, NextResponse } from 'next/server';
+import { spaceTrim } from 'spacetrim';
 import { assertsError } from '../../../../../../src/errors/assertsError';
-import { DatabaseError } from '../../../../../../src/errors/DatabaseError';
 import { LimitReachedError } from '../../../../../../src/errors/LimitReachedError';
-import { NotAllowed } from '../../../../../../src/errors/NotAllowed';
-import { getUserIdFromRequest } from '../../../../src/utils/getUserIdFromRequest';
+import { UnexpectedError } from '../../../../../../src/errors/UnexpectedError';
+import { $getTableName } from '../../../database/$getTableName';
+import { $provideSupabase } from '../../../database/$provideSupabase';
 import type { AgentsServerDatabase } from '../../../database/schema';
+import { $provideCdnForServer } from '../../../tools/$provideCdnForServer';
+import { getSafeCdnPath } from '../../../utils/cdn/utils/getSafeCdnPath';
 import { FILE_SECURITY_CHECKERS } from '../../../file-security-checkers';
+import { getUserIdFromRequest } from '../../../utils/getUserIdFromRequest';
 import { getMaxFileUploadSizeBytes } from '../../../utils/serverLimits';
-
-/**
- * Additional metadata accepted from the client-side upload helper.
- *
- * @private
- */
-type UploadClientPayload = {
-    purpose?: unknown;
-    contentType?: unknown;
-};
-
-/**
- * Generic object used for safe JSON parsing in upload payloads.
- *
- * @private
- */
-type JsonRecord = Record<string, unknown>;
+import { validateMimeType } from '../../../utils/validators/validateMimeType';
 
 /**
  * Default purpose used for uploads when the client does not provide one.
@@ -47,75 +29,30 @@ const DEFAULT_UPLOAD_PURPOSE = 'GENERIC_UPLOAD';
 const DEFAULT_UPLOAD_CONTENT_TYPE = 'application/octet-stream';
 
 /**
- * Minimal MIME type validation for values provided by client payload.
- *
- * @private
- */
-const MIME_TYPE_PATTERN = /^[a-z0-9!#$&^_.+-]+\/[a-z0-9!#$&^_.+-]+$/i;
-
-/**
- * Form-data field containing the uploaded file for S3-backed server uploads.
- *
- * @private
- */
-const SERVER_ROUTED_UPLOAD_FILE_FIELD = 'file';
-
-/**
- * Form-data field containing the requested CDN object key for S3-backed server uploads.
- *
- * @private
- */
-const SERVER_ROUTED_UPLOAD_PATHNAME_FIELD = 'pathname';
-
-/**
- * Form-data field containing upload purpose for S3-backed server uploads.
- *
- * @private
- */
-const SERVER_ROUTED_UPLOAD_PURPOSE_FIELD = 'purpose';
-
-/**
- * Form-data field containing content type for S3-backed server uploads.
- *
- * @private
- */
-const SERVER_ROUTED_UPLOAD_CONTENT_TYPE_FIELD = 'contentType';
-
-/**
- * Multipart content type prefix used by server-routed S3 uploads.
+ * Regular expression for path segments that are safe to keep as public object keys.
  *
  * @private
  */
-const MULTIPART_FORM_DATA_CONTENT_TYPE = 'multipart/form-data';
+const SAFE_UPLOAD_PATH_PATTERN = /^[A-Za-z0-9][A-Za-z0-9._~!$&'()*+,;=:@/-]*$/;
 
 /**
- * Safely parses a JSON string into an object; returns empty object on invalid payload.
+ * Parsed upload request.
  *
  * @private
  */
-function parseJsonRecord(rawJson: string | null | undefined): JsonRecord {
-    if (!rawJson) {
-        return {};
-    }
-
-    try {
-        const parsed = JSON.parse(rawJson);
-        if (!parsed || typeof parsed !== 'object' || Array.isArray(parsed)) {
-            return {};
-        }
-
-        return parsed as JsonRecord;
-    } catch {
-        return {};
-    }
-}
+type ParsedUploadRequest = {
+    file: File;
+    pathname: string;
+    purpose: string;
+    contentType: string;
+};
 
 /**
  * Normalizes upload purpose to a non-empty string.
  *
  * @private
  */
-function normalizeUploadPurpose(value: unknown): string {
+function normalizeUploadPurpose(value: FormDataEntryValue | null): string {
     if (typeof value !== 'string') {
         return DEFAULT_UPLOAD_PURPOSE;
     }
@@ -129,93 +66,84 @@ function normalizeUploadPurpose(value: unknown): string {
  *
  * @private
  */
-function normalizeUploadContentType(value: unknown): string {
-    if (typeof value !== 'string') {
-        return DEFAULT_UPLOAD_CONTENT_TYPE;
-    }
+function normalizeUploadContentType(value: FormDataEntryValue | null, fallbackContentType: string): string {
+    const candidate = typeof value === 'string' && value.trim() ? value.trim() : fallbackContentType;
 
-    const normalizedContentType = value.trim().toLowerCase();
-    if (!MIME_TYPE_PATTERN.test(normalizedContentType)) {
+    try {
+        return validateMimeType(candidate || DEFAULT_UPLOAD_CONTENT_TYPE);
+    } catch {
         return DEFAULT_UPLOAD_CONTENT_TYPE;
     }
-
-    return normalizedContentType;
 }
 
 /**
- * Extracts normalized upload metadata from client payload.
+ * Resolves and validates the storage key requested by the browser.
  *
  * @private
  */
-function resolveUploadClientPayload(clientPayload: string | null | undefined): {
-    purpose: string;
-    contentType: string;
-} {
-    const payload = parseJsonRecord(clientPayload) as UploadClientPayload;
-
-    return {
-        purpose: normalizeUploadPurpose(payload.purpose),
-        contentType: normalizeUploadContentType(payload.contentType),
-    };
-}
-
-/**
- * Checks whether the upload request uses the server-routed multipart protocol.
- *
- * @private
- */
-function isServerRoutedUploadRequest(request: NextRequest): boolean {
-    return (request.headers.get('content-type') || '').toLowerCase().includes(MULTIPART_FORM_DATA_CONTENT_TYPE);
-}
+function resolveUploadPathname(value: FormDataEntryValue | null): string {
+    if (typeof value !== 'string') {
+        throw new UnexpectedError('Upload request is missing `pathname`.');
+    }
 
-/**
- * Reads a string field from multipart form data.
- *
- * @private
- */
-function getFormDataString(formData: FormData, fieldName: string): string | null {
-    const value = formData.get(fieldName);
+    const pathname = value.trim().replace(/\\/g, '/').replace(/^\/+/, '');
+
+    if (
+        pathname === '' ||
+        pathname.includes('/../') ||
+        pathname.startsWith('../') ||
+        pathname.endsWith('/..') ||
+        !SAFE_UPLOAD_PATH_PATTERN.test(pathname)
+    ) {
+        throw new UnexpectedError(
+            spaceTrim(`
+                Upload request contains an invalid \`pathname\`.
+
+                The upload key must be a relative CDN path without parent-directory segments.
+            `),
+        );
+    }
 
-    return typeof value === 'string' ? value : null;
+    return getSafeCdnPath({
+        pathname,
+        pathPrefix: process.env.NEXT_PUBLIC_CDN_PATH_PREFIX,
+    });
 }
 
 /**
- * Normalizes a client-provided CDN pathname into a relative object key.
+ * Parses the multipart request accepted by `/api/upload`.
  *
  * @private
  */
-function normalizeServerUploadPathname(value: unknown, fallbackFilename: string): string {
-    const rawPathname = typeof value === 'string' ? value : fallbackFilename;
-    const normalizedPathname = rawPathname
-        .trim()
-        .replace(/\\/g, '/')
-        .replace(/^\/+/g, '')
-        .replace(/\/+/g, '/');
+async function parseUploadRequest(request: NextRequest): Promise<ParsedUploadRequest> {
+    const formData = await request.formData();
+    const file = formData.get('file');
 
-    if (!normalizedPathname || normalizedPathname.split('/').includes('..')) {
-        throw new NotAllowed('Upload pathname must be a safe relative CDN path.');
+    if (!(file instanceof File)) {
+        throw new UnexpectedError('Upload request is missing `file`.');
     }
 
-    return getSafeCdnPath({ pathname: normalizedPathname });
+    return {
+        file,
+        pathname: resolveUploadPathname(formData.get('pathname')),
+        purpose: normalizeUploadPurpose(formData.get('purpose')),
+        contentType: normalizeUploadContentType(formData.get('contentType'), file.type),
+    };
 }
 
 /**
- * Runs configured file-security checks for an uploaded public URL.
+ * Runs all configured file-security checkers against the uploaded public URL.
  *
  * @private
  */
 async function checkUploadedFileSecurity(storageUrl: string): Promise<Record<string, unknown>> {
     const securityResults: Record<string, unknown> = {};
 
-    for (const checkerId in FILE_SECURITY_CHECKERS) {
+    for (const checkerId of Object.keys(FILE_SECURITY_CHECKERS)) {
         try {
             const checker = FILE_SECURITY_CHECKERS[checkerId]!;
-            console.info(`🛡️ Checking file security with ${checker.title} (${storageUrl})...`);
-            const result = await checker.checkFile(storageUrl);
-            securityResults[checkerId] = result;
-            console.info(`🛡️ Security check result from ${checker.title}:`, result.status);
+            securityResults[checkerId] = await checker.checkFile(storageUrl);
         } catch (error) {
-            console.error(`🛡️ Security check failed for ${checkerId}:`, error);
             securityResults[checkerId] = {
                 isSafe: false,
                 status: 'ERROR',
@@ -229,269 +157,75 @@ async function checkUploadedFileSecurity(storageUrl: string): Promise<Record<str
 }
 
 /**
- * Inserts a completed file row for a server-routed upload.
+ * Stores security results for the file row created by `TrackedFilesStorage`.
  *
  * @private
  */
-async function insertCompletedUploadFileRecord(options: {
-    supabase: SupabaseClient<AgentsServerDatabase>;
-    userId: number | null;
-    fileName: string;
-    fileSize: number;
-    fileType: string;
-    storageUrl: string;
-    purpose: string;
-    securityResult: AgentsServerDatabase['public']['Tables']['File']['Insert']['securityResult'];
-}): Promise<number | null> {
-    const {
-        supabase,
-        userId,
-        fileName,
-        fileSize,
-        fileType,
-        storageUrl,
-        purpose,
-        securityResult,
-    } = options;
-    const { data, error }: PostgrestSingleResponse<Pick<AgentsServerDatabase['public']['Tables']['File']['Row'], 'id'>> =
-        await supabase
-            .from(await $getTableName('File'))
-            .insert({
-                userId,
-                fileName,
-                fileSize,
-                fileType,
-                storageUrl,
-                shortUrl: null,
-                purpose,
-                status: 'COMPLETED',
-                securityResult,
-            })
-            .select('id')
-            .single();
-
-    if (error) {
-        throw new DatabaseError(`Failed to create completed file record: ${error.message}`);
+async function updateUploadedFileSecurityResult(
+    storageUrl: string,
+    securityResult: Record<string, unknown>,
+): Promise<void> {
+    if (Object.keys(securityResult).length === 0) {
+        return;
     }
 
-    return data?.id ?? null;
-}
-
-/**
- * Handles direct multipart uploads for S3-compatible storage backends.
- *
- * @private
- */
-async function handleServerRoutedUpload(request: NextRequest): Promise<NextResponse> {
-    const formData = await request.formData();
-    const uploadFile = formData.get(SERVER_ROUTED_UPLOAD_FILE_FIELD);
-
-    if (!(uploadFile instanceof File)) {
-        throw new NotAllowed('Upload request must contain a file.');
-    }
-
-    const userId = await getUserIdFromRequest(request);
-    const purpose = normalizeUploadPurpose(getFormDataString(formData, SERVER_ROUTED_UPLOAD_PURPOSE_FIELD));
-    const contentType = normalizeUploadContentType(
-        getFormDataString(formData, SERVER_ROUTED_UPLOAD_CONTENT_TYPE_FIELD) || uploadFile.type,
-    );
-    const pathname = normalizeServerUploadPathname(
-        getFormDataString(formData, SERVER_ROUTED_UPLOAD_PATHNAME_FIELD),
-        uploadFile.name,
-    );
-    const maxFileSize = await getMaxFileUploadSizeBytes();
-
-    if (uploadFile.size > maxFileSize) {
-        throw new LimitReachedError(`Uploaded file exceeds the configured maximum size of ${maxFileSize} bytes.`);
-    }
-
-    const buffer = Buffer.from(await uploadFile.arrayBuffer());
-    if (buffer.byteLength > maxFileSize) {
-        throw new LimitReachedError(`Uploaded file exceeds the configured maximum size of ${maxFileSize} bytes.`);
-    }
-
-    const cdn = $provideUntrackedCdnForServer();
-    await cdn.setItem(pathname, {
-        type: contentType,
-        data: buffer,
-        userId: userId || undefined,
-        purpose,
-        fileSize: buffer.byteLength,
-    });
-
-    const storageUrl = cdn.getItemUrl(pathname).href;
-    const securityResults = await checkUploadedFileSecurity(storageUrl);
+    const supabase = $provideSupabase();
     const securityResultForDatabase =
-        securityResults as AgentsServerDatabase['public']['Tables']['File']['Insert']['securityResult'];
-    const supabase: SupabaseClient<AgentsServerDatabase> = $provideSupabase();
-    const fileId = await insertCompletedUploadFileRecord({
-        supabase,
-        userId: userId || null,
-        fileName: pathname,
-        fileSize: buffer.byteLength,
-        fileType: contentType,
-        storageUrl,
-        purpose,
-        securityResult: securityResultForDatabase,
-    });
+        securityResult as AgentsServerDatabase['public']['Tables']['File']['Update']['securityResult'];
+    const { error } = await supabase
+        .from(await $getTableName('File'))
+        .update({ securityResult: securityResultForDatabase })
+        .eq('storageUrl', storageUrl);
 
-    return NextResponse.json({
-        url: storageUrl,
-        pathname,
-        fileId,
-        contentType,
-        size: buffer.byteLength,
-    });
+    if (error) {
+        console.error('Failed to update uploaded file security result:', error);
+    }
 }
 
 /**
- * Handles post.
+ * Handles file upload requests.
  */
 export async function POST(request: NextRequest) {
     try {
-        if (isServerRoutedUploadRequest(request)) {
-            return await handleServerRoutedUpload(request);
+        const { file, pathname, purpose, contentType } = await parseUploadRequest(request);
+        const fileBuffer = Buffer.from(await file.arrayBuffer());
+        const maxFileSize = await getMaxFileUploadSizeBytes();
+
+        if (fileBuffer.byteLength > maxFileSize) {
+            throw new LimitReachedError(
+                spaceTrim(`
+                    Uploaded file \`${file.name}\` exceeds the configured upload limit.
+
+                    Maximum supported size: **${maxFileSize} bytes**
+                `),
+            );
         }
 
-        const body = (await request.json()) as HandleUploadBody;
+        const cdn = $provideCdnForServer();
+        const storageUrl = cdn.getItemUrl(pathname).href;
         const userId = await getUserIdFromRequest(request);
-        const supabase: SupabaseClient<AgentsServerDatabase> = $provideSupabase();
-
-        // Handle Vercel Blob client upload protocol
-        const jsonResponse = await handleUpload({
-            body,
-            request,
-            token: process.env.VERCEL_BLOB_READ_WRITE_TOKEN!,
-            onBeforeGenerateToken: async (pathname, clientPayload) => {
-                // Authenticate user and validate upload
-
-                // Parse client payload for additional metadata
-                const { purpose, contentType } = resolveUploadClientPayload(clientPayload);
 
-                const maxFileSize = await getMaxFileUploadSizeBytes();
-
-                // Generate the proper path with prefix
-                // Note: With client uploads, we use the original filename provided by the client
-                // The file will be stored at: {pathPrefix}/user/files/{filename}
-                const pathPrefix = process.env.NEXT_PUBLIC_CDN_PATH_PREFIX || '';
-
-                // Create a DB record at the start of the upload to track it
-                const uploadPurpose = purpose;
-                const {
-                    data: insertedFile,
-                    error: insertError,
-                }: PostgrestSingleResponse<Pick<AgentsServerDatabase['public']['Tables']['File']['Row'], 'id'>> =
-                    await supabase
-                        .from(await $getTableName('File'))
-                        .insert({
-                            userId: userId || null,
-                            fileName: pathname,
-                            fileSize: 0, // <- Will be updated when upload completes
-                            fileType: contentType,
-                            storageUrl: null, // <- To be updated on completion
-                            shortUrl: null, // <- To be updated on completion
-                            purpose: uploadPurpose,
-                            status: 'UPLOADING',
-                        })
-                        .select('id')
-                        .single();
-
-                if (insertError) {
-                    console.error('🔼 Failed to create file record:', insertError);
-                }
-
-                console.info('🔼 Upload started, tracking file:', {
-                    pathname,
-                    fileId: insertedFile?.id,
-                    purpose: uploadPurpose,
-                });
-
-                return {
-                    maximumSizeInBytes: maxFileSize,
-                    addRandomSuffix: true, // Add random suffix to avoid filename collisions since we can't hash content
-                    tokenPayload: JSON.stringify({
-                        userId: userId || null,
-                        purpose: uploadPurpose,
-                        fileId: insertedFile?.id || null,
-                        uploadPath: pathname,
-                        pathPrefix,
-                    }),
-                };
-            },
-            onUploadCompleted: async ({ blob, tokenPayload }) => {
-                // !!!!
-                // ⚠️ IMPORTANT: This callback is a WEBHOOK called by Vercel's servers AFTER the upload completes
-                // - It runs in a DIFFERENT request context (not the original user request)
-                // - It WON'T work in local development (Vercel can't reach localhost)
-                // - All data must come from tokenPayload (userId, fileId, etc.)
-                // - Need to create a fresh supabase client here
-                console.info('🔼 Upload completed (webhook callback):', { blob, tokenPayload });
-
-                try {
-                    const payload = parseJsonRecord(tokenPayload);
-                    const fileId = typeof payload.fileId === 'number' ? payload.fileId : null;
-                    const tokenUserId = typeof payload.userId === 'number' ? payload.userId : null;
-                    const tokenPurpose = normalizeUploadPurpose(payload.purpose);
-                    const uploadPath = typeof payload.uploadPath === 'string' ? payload.uploadPath : null;
-
-                    // Create fresh supabase client for this webhook context
-                    const supabase = $provideSupabase();
-
-                    // Security checks
-                    const securityResults = await checkUploadedFileSecurity(blob.url);
-                    const securityResultForDatabase =
-                        securityResults as AgentsServerDatabase['public']['Tables']['File']['Update']['securityResult'];
-
-                    if (fileId) {
-                        // Update the existing record by ID
-                        const { error: updateError } = await supabase
-                            .from(await $getTableName('File'))
-                            .update({
-                                userId: tokenUserId || null,
-                                fileSize: 0, // <- !!!!
-                                fileType: blob.contentType,
-                                storageUrl: blob.url,
-                                // <- TODO: !!!! Split between storageUrl and shortUrl
-                                purpose: tokenPurpose,
-                                status: 'COMPLETED',
-                                securityResult: securityResultForDatabase,
-                            })
-                            .eq('id', fileId);
+        await cdn.setItem(pathname, {
+            type: contentType,
+            data: fileBuffer,
+            purpose,
+            userId: userId || undefined,
+            fileSize: fileBuffer.byteLength,
+        });
 
-                        if (updateError) {
-                            console.error('🔼 Failed to update file record:', updateError);
-                        } else {
-                            console.info('🔼 File record updated successfully:', { fileId, shortUrl: blob.url });
-                        }
-                    } else if (uploadPath) {
-                        // Fallback: Update by uploadPath if fileId is not available
-                        const { error: updateError } = await supabase
-                            .from(await $getTableName('File'))
-                            .update({
-                                fileSize: 0, // <- !!!!
-                                fileType: blob.contentType,
-                                storageUrl: blob.url,
-                                status: 'COMPLETED',
-                                securityResult: securityResultForDatabase,
-                            })
-                            .eq('fileName', uploadPath)
-                            .eq('status', 'UPLOADING');
+        const securityResult = await checkUploadedFileSecurity(storageUrl);
+        await updateUploadedFileSecurityResult(storageUrl, securityResult);
 
-                        if (updateError) {
-                            console.error('🔼 Failed to update file record by uploadPath:', updateError);
-                        }
-                    }
-                } catch (error) {
-                    console.error('🔼 Error in onUploadCompleted:', error);
-                }
-            },
+        return NextResponse.json({
+            url: storageUrl,
+            pathname,
+            contentType,
+            size: fileBuffer.byteLength,
         });
-
-        return NextResponse.json(jsonResponse);
     } catch (error) {
         assertsError(error);
 
-        console.error('🔼', error);
+        console.error('Upload failed:', error);
 
         return new Response(
             JSON.stringify(
@@ -508,10 +242,3 @@ export async function POST(request: NextRequest) {
         );
     }
 }
-
-// TODO: !!!! Change uploaded URLs from `storageUrl` to `shortUrl`
-// TODO: !!!! Record both `storageUrl` (actual storage location) and `shortUrl` in `File` table
-// TODO: !!!! Record `purpose` in `File` table
-// TODO: !!!! Record `userId` in `File` table
-// TODO: !!!! Record all things into `File` table
-// TODO: !!!! File type (mime type) of `.book` files should be `application/book` <- [🧠] !!!! Best mime type?!

package/apps/agents-server/src/components/AgentProfile/AgentProfile.tsx

@@ -186,10 +186,7 @@ export function AgentProfile(props: AgentProfileProps) {
                                 ) : (
                                     <div className="flex h-full w-full items-center justify-center overflow-hidden p-4 md:p-8">
                                         {/* Keep built-in visuals inside a centered square stage so different avatar renderers fit the tall profile card consistently. */}
-                                        <div
-                                            className="flex h-full w-full max-h-[80%] max-w-[80%] items-center justify-center"
-                                            style={{ aspectRatio: '1 / 1' }}
-                                        >
+                                        <div className="flex aspect-square w-[80%] items-center justify-center">
                                             <AgentAvatar
                                                 agent={agent}
                                                 baseUrl={publicUrl}

package/apps/agents-server/src/components/Header/Header.tsx

@@ -9,7 +9,6 @@ import { HamburgerMenu } from '../../../../../src/book-components/_common/Hambur
 import { useMenuHoisting } from '../../../../../src/book-components/_common/MenuHoisting/MenuHoistingContext';
 import { just } from '../../../../../src/utils/organization/just';
 import { getVisibleCommitmentDefinitions } from '../../utils/getVisibleCommitmentDefinitions';
-import { pushWithHeadless, useIsHeadless } from '../_utils/headlessParam';
 import { useInstallPromptState, type AgentContextMenuRenamePayload } from '../AgentContextMenu/AgentContextMenu';
 import { useAgentNaming } from '../AgentNaming/AgentNamingContext';
 import { QrCodeModal } from '../AgentProfile/QrCodeModal';
@@ -58,11 +57,9 @@ export function Header(props: HeaderProps) {
         feedbackMode = 'stars',
         shibbolethAuthenticationStatus,
     } = props;
-
     const [isChangePasswordOpen, setIsChangePasswordOpen] = useState(false);
     const router = useRouter();
     const pathname = usePathname();
-    const isHeadless = useIsHeadless();
     const menuHoisting = useMenuHoisting();
     const mobileMenuHoisting = useMobileMenuHoisting();
     const { naming } = useAgentNaming();
@@ -73,13 +70,6 @@ export function Header(props: HeaderProps) {
         () => buildDocumentationDropdownItems(visibleDocumentationCommitments, t),
         [t, visibleDocumentationCommitments],
     );
-
-    const fallbackNavigateToHref = useCallback(
-        (href: string) => {
-            pushWithHeadless(router, href, isHeadless);
-        },
-        [isHeadless, router],
-    );
     const hoistedMobileMenuItems = mobileMenuHoisting?.menuItems || EMPTY_HOISTED_MOBILE_MENU_ITEMS;
     const {
         cancelMenuClose,
@@ -201,7 +191,6 @@ export function Header(props: HeaderProps) {
         isAdmin,
         isAuthenticated: Boolean(currentUser),
         isInstalled,
-        navigateToHref: fallbackNavigateToHref,
         namingPlural: naming.plural,
         namingSingular: naming.singular,
         onAgentRenamed: handleAgentRenamedFromHeader,