@promptbook/cli 0.112.0-95 → 0.112.0-97

package/apps/agents-server/src/app/api/admin/code-runners/route.ts

@@ -1,15 +1,11 @@
-import { execFile } from 'child_process';
-import { promisify } from 'util';
 import { NextResponse } from 'next/server';
 import { isUserGlobalAdmin } from '@/src/utils/isUserGlobalAdmin';
+import { readConfiguredCodeRunner, resolveCodeRunnerStatus } from '@/src/utils/codeRunnerConfiguration';
 import {
     applyVpsCodeRunnerConfiguration,
-    listVpsEnvironmentVariables,
     updateVpsEnvironmentVariables,
 } from '@/src/utils/vpsConfiguration';
 
-const execFileAsync = promisify(execFile);
-
 /**
  * Loads configured code-runner settings from the editable VPS environment.
  */
@@ -19,16 +15,11 @@ export async function GET() {
     }
 
     try {
-        const snapshot = await listVpsEnvironmentVariables();
-        const environmentByKey = Object.fromEntries(
-            snapshot.variables.map((variable) => [variable.key, variable.value]),
-        ) as Record<string, string>;
+        const configuredCodeRunner = await readConfiguredCodeRunner();
 
         return NextResponse.json({
-            agent: environmentByKey.PTBK_AGENT || process.env.PTBK_AGENT || 'github-copilot',
-            model: environmentByKey.PTBK_MODEL || process.env.PTBK_MODEL || 'gpt-5.4',
-            thinkingLevel: environmentByKey.PTBK_THINKING_LEVEL || process.env.PTBK_THINKING_LEVEL || 'xhigh',
-            status: await resolveRunnerStatus(environmentByKey.PTBK_AGENT || process.env.PTBK_AGENT || 'github-copilot'),
+            ...configuredCodeRunner,
+            status: await resolveCodeRunnerStatus(configuredCodeRunner.agent),
         });
     } catch (error) {
         return NextResponse.json(
@@ -80,25 +71,3 @@ export async function PATCH(request: Request) {
         );
     }
 }
-
-/**
- * Resolves a short runner-authentication status for the configured runner.
- *
- * @param agent - Runner id.
- * @returns Human-readable status.
- */
-async function resolveRunnerStatus(agent: string): Promise<string> {
-    if (agent !== 'github-copilot') {
-        return 'Status check is currently available for GitHub Copilot CLI only.';
-    }
-
-    try {
-        const { stdout, stderr } = await execFileAsync('copilot', ['auth', 'status'], {
-            timeout: 10_000,
-            maxBuffer: 128 * 1024,
-        });
-        return [stdout, stderr].filter(Boolean).join('\n').trim() || 'GitHub Copilot CLI returned no status output.';
-    } catch (error) {
-        return error instanceof Error ? error.message : 'GitHub Copilot CLI status check failed.';
-    }
-}

package/apps/agents-server/src/app/api/admin/database/studio/route.ts

@@ -0,0 +1,113 @@
+import { serializeError, type StudioBFFRequest } from '@prisma/studio-core/data/bff';
+import { NextResponse } from 'next/server';
+import {
+    $provideDatabaseAdminExecutor,
+    type DatabaseAdminExecutor,
+    type DatabaseAdminQuery,
+} from '../../../../../database/$provideDatabaseAdminExecutor';
+import { isUserGlobalAdmin } from '../../../../../utils/isUserGlobalAdmin';
+
+export const runtime = 'nodejs';
+export const dynamic = 'force-dynamic';
+
+/**
+ * Handles Embedded Prisma Studio SQL requests for the configured Agents Server database.
+ *
+ * @param request - Incoming Studio BFF request.
+ * @returns Studio-compatible JSON response.
+ */
+export async function POST(request: Request): Promise<NextResponse> {
+    if (!(await isUserGlobalAdmin())) {
+        return NextResponse.json({ error: 'Forbidden' }, { status: 403 });
+    }
+
+    let payload: StudioBFFRequest;
+
+    try {
+        payload = (await request.json()) as StudioBFFRequest;
+    } catch (error) {
+        return NextResponse.json([serializeError(error)], { status: 400 });
+    }
+
+    return handleDatabaseAdminStudioRequest($provideDatabaseAdminExecutor(), payload);
+}
+
+/**
+ * Resolves one Studio BFF payload against the raw database executor.
+ *
+ * @param executor - Raw SQL executor for the active database backend.
+ * @param payload - Studio BFF request payload.
+ * @returns Studio-compatible JSON response.
+ */
+async function handleDatabaseAdminStudioRequest(
+    executor: DatabaseAdminExecutor,
+    payload: StudioBFFRequest,
+): Promise<NextResponse> {
+    try {
+        switch (payload.procedure) {
+            case 'query':
+                return NextResponse.json([null, await executor.execute(payload.query as DatabaseAdminQuery)]);
+
+            case 'sequence':
+                return handleDatabaseAdminStudioSequence(executor, payload.sequence as readonly [
+                    DatabaseAdminQuery,
+                    DatabaseAdminQuery,
+                ]);
+
+            case 'transaction':
+                return NextResponse.json([
+                    null,
+                    await executor.executeTransaction(payload.queries as ReadonlyArray<DatabaseAdminQuery>),
+                ]);
+
+            case 'sql-lint':
+                return NextResponse.json([
+                    null,
+                    await executor.lintSql({
+                        schemaVersion: payload.schemaVersion,
+                        sql: payload.sql,
+                    }),
+                ]);
+
+            default:
+                return NextResponse.json([serializeError(new Error('Invalid database admin procedure.'))], {
+                    status: 400,
+                });
+        }
+    } catch (error) {
+        return NextResponse.json([serializeError(error)]);
+    }
+}
+
+/**
+ * Executes a two-step Studio sequence, preserving the response shape expected by the BFF client.
+ *
+ * @param executor - Raw SQL executor for the active database backend.
+ * @param sequence - Exactly two Studio-generated queries.
+ * @returns Studio-compatible sequence response.
+ */
+async function handleDatabaseAdminStudioSequence(
+    executor: DatabaseAdminExecutor,
+    sequence: readonly [DatabaseAdminQuery, DatabaseAdminQuery],
+): Promise<NextResponse> {
+    const [firstQuery, secondQuery] = sequence;
+
+    try {
+        const firstResult = await executor.execute(firstQuery);
+
+        try {
+            const secondResult = await executor.execute(secondQuery);
+            return NextResponse.json([
+                [null, firstResult],
+                [null, secondResult],
+            ]);
+        } catch (error) {
+            return NextResponse.json([
+                [null, firstResult],
+                [serializeError(error)],
+            ]);
+        }
+    } catch (error) {
+        return NextResponse.json([[serializeError(error)]]);
+    }
+}

package/apps/agents-server/src/app/api/admin/servers/[serverId]/route.ts

@@ -1,5 +1,5 @@
 import { NextResponse } from 'next/server';
-import { isAgentsServerSqliteMode } from '../../../../../database/agentsServerDatabaseMode';
+import { isAgentsServerStandaloneMode } from '../../../../../database/agentsServerDatabaseMode';
 import { resolveCurrentServerRegistryContext } from '../../../../../utils/currentServerRegistryContext';
 import { isUserGlobalAdmin } from '../../../../../utils/isUserGlobalAdmin';
 import {
@@ -15,6 +15,7 @@ import {
     updateManagedServer,
     type UpdateServerInput,
 } from '../../../../../utils/serverManagement';
+import { applyStandaloneVpsServerMetadata } from '../../../../../utils/serverManagement/standaloneVpsServerMetadata';
 import {
     applyVpsRuntimeConfiguration,
     listConfiguredVpsDomains,
@@ -36,8 +37,12 @@ export async function PATCH(request: Request, context: { params: Promise<{ serve
         const body = (await request.json()) as Omit<UpdateServerInput, 'id'>;
         const parsedServerId = parseManagedServerId(serverId);
 
-        if (isAgentsServerSqliteMode()) {
+        if (isAgentsServerStandaloneMode()) {
             const updatedServer = await updateStandaloneVpsServerDomain(parsedServerId, body.domain);
+            await applyStandaloneVpsServerMetadata({
+                tablePrefix: updatedServer.tablePrefix,
+                name: body.name,
+            });
             return NextResponse.json({ server: updatedServer });
         }
 
@@ -71,7 +76,7 @@ export async function DELETE(_request: Request, context: { params: Promise<{ ser
         const { serverId } = await context.params;
         const parsedServerId = parseManagedServerId(serverId);
 
-        if (isAgentsServerSqliteMode()) {
+        if (isAgentsServerStandaloneMode()) {
             await deleteStandaloneVpsServerDomain(parsedServerId);
             return NextResponse.json({
                 success: true,
@@ -126,7 +131,7 @@ async function updateStandaloneVpsServerDomain(serverId: number, rawDomain: stri
     const domains = await listConfiguredVpsDomains();
     const nextDomains = domains.map((domain, index) => (index === serverIndex ? normalizedDomain : domain));
     await updateConfiguredVpsDomains(nextDomains);
-    await applyVpsRuntimeConfiguration();
+    await applyVpsRuntimeConfiguration({ isProcessRestartEnabled: false });
 
     const updatedServer = listEnvironmentRegisteredServers().find((server) => server.domain === normalizedDomain);
     if (!updatedServer) {
@@ -150,5 +155,5 @@ async function deleteStandaloneVpsServerDomain(serverId: number): Promise<void>
 
     const domains = await listConfiguredVpsDomains();
     await updateConfiguredVpsDomains(domains.filter((_domain, index) => index !== serverIndex));
-    await applyVpsRuntimeConfiguration();
+    await applyVpsRuntimeConfiguration({ isProcessRestartEnabled: false });
 }

package/apps/agents-server/src/app/api/admin/servers/route.ts

@@ -1,8 +1,11 @@
 import { NextResponse } from 'next/server';
-import { isAgentsServerSqliteMode } from '../../../../database/agentsServerDatabaseMode';
+import { spaceTrim } from 'spacetrim';
+import { DatabaseError } from '../../../../../../../src/errors/DatabaseError';
+import { isAgentsServerStandaloneMode } from '../../../../database/agentsServerDatabaseMode';
 import { resolveCurrentServerRegistryContext } from '../../../../utils/currentServerRegistryContext';
 import { isUserAdmin } from '../../../../utils/isUserAdmin';
 import { isUserGlobalAdmin } from '../../../../utils/isUserGlobalAdmin';
+import { buildServerTablePrefix } from '../../../../utils/buildServerTablePrefix';
 import {
     createServerPublicUrl,
     listEnvironmentRegisteredServers,
@@ -14,6 +17,12 @@ import {
     resolveManagedServerErrorStatus,
     type CreateServerInput,
 } from '../../../../utils/serverManagement';
+import { ManagedServerInputNormalizer } from '../../../../utils/serverManagement/ManagedServerInputNormalizer';
+import {
+    applyStandaloneVpsServerMetadata,
+    resolveStandaloneVpsServerDisplayName,
+} from '../../../../utils/serverManagement/standaloneVpsServerMetadata';
+import { createStandaloneVpsDomainDnsDiagnostic } from '../../../../utils/standaloneVpsDnsDiagnostics';
 import {
     applyVpsRuntimeConfiguration,
     listConfiguredVpsDomains,
@@ -32,10 +41,15 @@ export async function GET() {
         }
 
         const context = await resolveCurrentServerRegistryContext();
+        const servers = isAgentsServerStandaloneMode()
+            ? await createStandaloneVpsServersResponse(context.registeredServers)
+            : context.registeredServers;
+
         return NextResponse.json({
-            servers: context.registeredServers,
+            servers,
             currentServerId: context.currentServer?.id ?? null,
             canEdit: await isUserGlobalAdmin(),
+            isStandaloneVps: isAgentsServerStandaloneMode(),
         });
     } catch (error) {
         return NextResponse.json(
@@ -47,6 +61,30 @@ export async function GET() {
     }
 }
 
+/**
+ * Enriches standalone VPS server rows with display metadata and DNS diagnostics.
+ *
+ * @param servers - Virtual standalone server rows.
+ * @returns Browser-safe server rows with DNS setup guidance.
+ */
+async function createStandaloneVpsServersResponse(
+    servers: Awaited<ReturnType<typeof resolveCurrentServerRegistryContext>>['registeredServers'],
+) {
+    const primaryDomain = servers[0]?.domain ?? null;
+
+    return Promise.all(
+        servers.map(async (server) => ({
+            ...server,
+            name: await resolveStandaloneVpsServerDisplayName(server),
+            dnsDiagnostic: await createStandaloneVpsDomainDnsDiagnostic({
+                domain: server.domain,
+                publicIpAddress: process.env.PTBK_PUBLIC_IP_ADDRESS,
+                fallbackCnameTargetDomain: primaryDomain && primaryDomain !== server.domain ? primaryDomain : null,
+            }),
+        })),
+    );
+}
+
 /**
  * Creates a new same-instance server.
  *
@@ -57,17 +95,25 @@ export async function POST(request: Request) {
     try {
         assertGlobalAdminAccess(await isUserGlobalAdmin());
 
-        const body = (await request.json()) as CreateServerInput;
-        if (isAgentsServerSqliteMode()) {
+        const body = withEnvironmentAdminUser((await request.json()) as CreateServerInput);
+        if (isAgentsServerStandaloneMode()) {
             const normalizedDomain = normalizeServerDomain(body.domain);
             if (!normalizedDomain) {
                 return NextResponse.json({ error: 'A valid domain is required.' }, { status: 400 });
             }
+            const tablePrefix = normalizeStandaloneVpsCreateServerTablePrefix(body);
 
             const existingDomains = await listConfiguredVpsDomains();
-            await updateConfiguredVpsDomains([...existingDomains, normalizedDomain]);
-            await applyVpsRuntimeConfiguration();
+            await updateConfiguredVpsDomains([...existingDomains, normalizedDomain], { tablePrefix });
+            await applyVpsRuntimeConfiguration({ isProcessRestartEnabled: false });
             const createdServer = listEnvironmentRegisteredServers().find((server) => server.domain === normalizedDomain);
+            if (createdServer) {
+                await applyStandaloneVpsServerMetadata({
+                    tablePrefix: createdServer.tablePrefix,
+                    name: body.name,
+                    iconUrl: body.iconUrl,
+                });
+            }
 
             return NextResponse.json(
                 {
@@ -107,3 +153,48 @@ export async function POST(request: Request) {
         );
     }
 }
+
+/**
+ * Uses the installer-managed environment admin when the browser no longer collects admin credentials.
+ *
+ * @param input - Raw create-server payload.
+ * @returns Payload compatible with the existing managed-server bootstrap flow.
+ */
+function withEnvironmentAdminUser(input: CreateServerInput): CreateServerInput {
+    const adminPassword = process.env.ADMIN_PASSWORD || input.adminUser?.password || '';
+    const adminUsername = input.adminUser?.username?.trim() || 'admin';
+
+    return {
+        ...input,
+        adminUser: {
+            username: adminUsername,
+            password: adminPassword,
+            isAdmin: true,
+        },
+        additionalUsers: input.additionalUsers || [],
+    };
+}
+
+/**
+ * Validates the generated server table prefix used by standalone VPS setup.
+ *
+ * @param input - Create-server payload with generated identifier and table prefix.
+ * @returns Validated server-level table prefix.
+ */
+function normalizeStandaloneVpsCreateServerTablePrefix(input: CreateServerInput): string {
+    const identifier = ManagedServerInputNormalizer.normalizeServerIdentifier(input.identifier);
+    const tablePrefix = ManagedServerInputNormalizer.validateServerTablePrefix(input.tablePrefix);
+    const expectedTablePrefix = buildServerTablePrefix(identifier);
+
+    if (tablePrefix !== expectedTablePrefix) {
+        throw new DatabaseError(
+            spaceTrim(`
+                Table prefix \`${tablePrefix}\` does not match generated server identifier \`${identifier}\`.
+
+                Expected \`${expectedTablePrefix}\`.
+            `),
+        );
+    }
+
+    return tablePrefix;
+}

package/apps/agents-server/src/app/api/admin/update/route.ts

@@ -0,0 +1,52 @@
+import { NextResponse } from 'next/server';
+import { isUserGlobalAdmin } from '@/src/utils/isUserGlobalAdmin';
+import { readVpsSelfUpdateOverview, startVpsSelfUpdate } from '@/src/utils/vpsSelfUpdate';
+
+export const runtime = 'nodejs';
+export const dynamic = 'force-dynamic';
+
+/**
+ * Loads the current standalone VPS self-update overview for the super-admin UI.
+ */
+export async function GET() {
+    if (!(await isUserGlobalAdmin())) {
+        return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
+    }
+
+    try {
+        return NextResponse.json(await readVpsSelfUpdateOverview());
+    } catch (error) {
+        return NextResponse.json(
+            { error: error instanceof Error ? error.message : 'Failed to load the update overview.' },
+            { status: 500 },
+        );
+    }
+}
+
+/**
+ * Starts a detached standalone VPS self-update for the selected environment.
+ */
+export async function POST(request: Request) {
+    if (!(await isUserGlobalAdmin())) {
+        return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
+    }
+
+    try {
+        const body = (await request.json().catch(() => null)) as
+            | {
+                  readonly environment?: string;
+              }
+            | null;
+
+        if (!body?.environment || typeof body.environment !== 'string') {
+            return NextResponse.json({ error: 'Update environment is required.' }, { status: 400 });
+        }
+
+        return NextResponse.json(await startVpsSelfUpdate(body.environment), { status: 202 });
+    } catch (error) {
+        return NextResponse.json(
+            { error: error instanceof Error ? error.message : 'Failed to start the update.' },
+            { status: 500 },
+        );
+    }
+}

package/apps/agents-server/src/app/api/auth/login/route.ts

@@ -1,5 +1,6 @@
 import { authenticateUser } from '../../../../utils/authenticateUser';
 import { setSession } from '../../../../utils/session';
+import { writeShibbolethAuthenticationLog } from '../../../../utils/shibboleth/writeShibbolethAuthenticationLog';
 import { NextResponse } from 'next/server';
 
 /**
@@ -7,6 +8,13 @@ import { NextResponse } from 'next/server';
  */
 export async function POST(request: Request) {
     try {
+        writeShibbolethAuthenticationLog(request.headers, {
+            event: 'login-route-request',
+            pathname: '/api/auth/login',
+            method: request.method,
+            hasSessionCookie: (request.headers.get('cookie') || '').includes('sessionToken='),
+        });
+
         const body = await request.json();
         const { username, password } = body;
 

package/apps/agents-server/src/app/api/auth/logout/route.ts

@@ -1,10 +1,18 @@
-import { clearSession } from '../../../../utils/session';
 import { NextResponse } from 'next/server';
+import { clearSession } from '../../../../utils/session';
+import { writeShibbolethAuthenticationLog } from '../../../../utils/shibboleth/writeShibbolethAuthenticationLog';
 
 /**
  * Handles post.
  */
-export async function POST() {
+export async function POST(request: Request) {
+    writeShibbolethAuthenticationLog(request.headers, {
+        event: 'logout-route-request',
+        pathname: '/api/auth/logout',
+        method: request.method,
+        hasSessionCookie: (request.headers.get('cookie') || '').includes('sessionToken='),
+    });
+
     await clearSession();
     return NextResponse.json({ success: true });
 }

package/apps/agents-server/src/app/layout.tsx

@@ -46,6 +46,7 @@ import {
     CONTROL_PANEL_OPTION_AVAILABILITY_METADATA_KEYS,
     getControlPanelOptionAvailability,
 } from '../utils/getControlPanelOptionAvailability';
+import '@prisma/studio-core/ui/index.css';
 import './globals.css';
 
 /**

package/apps/agents-server/src/app/page.tsx

@@ -13,6 +13,7 @@ import {
     resolveRegisteredServerByHost,
     type ServerRecord,
 } from '../utils/serverRegistry';
+import { isStandaloneVpsRawIpBootstrapActive } from '../utils/standaloneVpsRawIpBootstrap';
 import { getHomePageAgents } from './_data/getHomePageAgents';
 
 /**
@@ -77,6 +78,15 @@ async function resolveIpAddressRouting(host: string | null): Promise<'LOGIN' | '
         return (await isUserGlobalAdmin()) ? 'CONFIGURE' : 'LOGIN';
     }
 
+    if (
+        isStandaloneVpsRawIpBootstrapActive({
+            nextPublicSiteUrl: process.env.NEXT_PUBLIC_SITE_URL,
+            publicIpAddress: process.env.PTBK_PUBLIC_IP_ADDRESS,
+        })
+    ) {
+        return null;
+    }
+
     if (registeredServers.length === 1) {
         redirect(createServerPublicUrl(registeredServers[0]!.domain).href);
     }

package/apps/agents-server/src/components/Header/buildHeaderSystemMenuItems.ts

@@ -3,6 +3,7 @@ import {
     Code2,
     Globe2,
     KeyRound,
+    RefreshCw,
     Settings2,
     UserRound,
     Wrench,
@@ -202,6 +203,15 @@ export function buildHeaderSystemMenuItems({
         },
         ...(isGlobalAdmin
             ? [
+                  {
+                      label: translate('header.update'),
+                      href: '/admin/update',
+                      icon: RefreshCw,
+                  } as SubMenuItem,
+                  {
+                      label: translate('header.database'),
+                      href: '/admin/database',
+                  } as SubMenuItem,
                   {
                       label: translate('header.logs'),
                       href: '/admin/logs',

package/apps/agents-server/src/database/$provideClientSql.ts

@@ -1,5 +1,5 @@
 import { $isRunningInNode } from '@promptbook-local/utils';
-import { Pool } from 'pg';
+import { $providePostgresPool } from './$providePostgresPool';
 
 /**
  * SQL tagged-template executor used by server routes and utilities.
@@ -30,13 +30,6 @@ export type ClientSqlExecutor = ClientSql & {
     readonly raw: ClientSqlRaw;
 };
 
-/**
- * Shared PostgreSQL pool reused across all requests in the server process.
- *
- * @private internal singleton of Agents Server database layer
- */
-let clientPool: Pool | undefined;
-
 /**
  * Provides SQL tagged-template client for server-side PostgreSQL access.
  *
@@ -47,17 +40,7 @@ export async function $provideClientSql(): Promise<ClientSqlExecutor> {
         throw new Error('Function `$provideClientSql` can only be used in Node.js runtime.');
     }
 
-    if (!clientPool) {
-        const connectionString = process.env.POSTGRES_URL || process.env.DATABASE_URL;
-        if (!connectionString) {
-            throw new Error('Environment variable `POSTGRES_URL` or `DATABASE_URL` must be defined.');
-        }
-
-        clientPool = new Pool({
-            connectionString,
-            ssl: { rejectUnauthorized: false },
-        });
-    }
+    const clientPool = $providePostgresPool();
 
     const executeTemplate = async <TRow = Array<Record<string, unknown>>>(
         templateStrings: TemplateStringsArray,
@@ -72,7 +55,7 @@ export async function $provideClientSql(): Promise<ClientSqlExecutor> {
         }
 
         const text = textChunks.join('');
-        const result = await clientPool!.query(text, [...templateValues]);
+        const result = await clientPool.query(text, [...templateValues]);
         return result.rows as TRow;
     };
 
@@ -80,7 +63,7 @@ export async function $provideClientSql(): Promise<ClientSqlExecutor> {
         text: string,
         values: ReadonlyArray<unknown> = [],
     ): Promise<TRow> => {
-        const result = await clientPool!.query(text, [...values]);
+        const result = await clientPool.query(text, [...values]);
         return result.rows as TRow;
     };