@promptbook/cli 0.112.0-96 → 0.112.0-98

package/apps/agents-server/src/app/api/admin/code-runners/authentication/route.ts

@@ -0,0 +1,140 @@
+import { NextResponse } from 'next/server';
+import { isUserGlobalAdmin } from '@/src/utils/isUserGlobalAdmin';
+import { createInteractiveTerminalEventStream } from '@/src/utils/createInteractiveTerminalEventStream';
+import {
+    getCodeRunnerAuthenticationSession,
+    getLatestCodeRunnerAuthenticationSession,
+    startCodeRunnerAuthenticationSession,
+    stopCodeRunnerAuthenticationSession,
+    subscribeToCodeRunnerAuthenticationSession,
+    writeCodeRunnerAuthenticationSessionInput,
+} from '@/src/utils/codeRunnerAuthentication';
+import { readConfiguredCodeRunner } from '@/src/utils/codeRunnerConfiguration';
+
+export const runtime = 'nodejs';
+export const dynamic = 'force-dynamic';
+
+/**
+ * Loads the latest authentication session for the saved runner or streams a specific session.
+ */
+export async function GET(request: Request) {
+    if (!(await isUserGlobalAdmin())) {
+        return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
+    }
+
+    try {
+        const { searchParams } = new URL(request.url);
+        const sessionId = searchParams.get('sessionId')?.trim() || '';
+        const isStreamRequested = searchParams.get('stream') === '1';
+
+        if (isStreamRequested) {
+            if (!sessionId) {
+                return NextResponse.json({ error: 'Authentication session id is required.' }, { status: 400 });
+            }
+
+            const session = getCodeRunnerAuthenticationSession(sessionId);
+            if (!session) {
+                return NextResponse.json({ error: 'Authentication session was not found.' }, { status: 404 });
+            }
+
+            return createInteractiveTerminalEventStream(
+                request,
+                sessionId,
+                session,
+                subscribeToCodeRunnerAuthenticationSession,
+            );
+        }
+
+        const { agent } = await readConfiguredCodeRunner();
+        return NextResponse.json({
+            session: getLatestCodeRunnerAuthenticationSession(agent),
+        });
+    } catch (error) {
+        return NextResponse.json(
+            { error: error instanceof Error ? error.message : 'Failed to load the authentication session.' },
+            { status: 500 },
+        );
+    }
+}
+
+/**
+ * Starts a new browser-driven authentication terminal for the saved runner.
+ */
+export async function POST() {
+    if (!(await isUserGlobalAdmin())) {
+        return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
+    }
+
+    try {
+        const { agent } = await readConfiguredCodeRunner();
+        return NextResponse.json({
+            session: await startCodeRunnerAuthenticationSession(agent),
+        });
+    } catch (error) {
+        return NextResponse.json(
+            { error: error instanceof Error ? error.message : 'Failed to start the authentication session.' },
+            { status: 500 },
+        );
+    }
+}
+
+/**
+ * Sends terminal input to a running authentication session.
+ */
+export async function PATCH(request: Request) {
+    if (!(await isUserGlobalAdmin())) {
+        return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
+    }
+
+    try {
+        const body = (await request.json().catch(() => null)) as
+            | {
+                  readonly sessionId?: string;
+                  readonly input?: string;
+              }
+            | null;
+
+        if (!body?.sessionId || typeof body.input !== 'string') {
+            return NextResponse.json({ error: 'Authentication session input is required.' }, { status: 400 });
+        }
+
+        return NextResponse.json({
+            session: writeCodeRunnerAuthenticationSessionInput(body.sessionId, body.input),
+        });
+    } catch (error) {
+        return NextResponse.json(
+            { error: error instanceof Error ? error.message : 'Failed to send authentication input.' },
+            { status: 500 },
+        );
+    }
+}
+
+/**
+ * Stops one authentication terminal from the admin UI.
+ */
+export async function DELETE(request: Request) {
+    if (!(await isUserGlobalAdmin())) {
+        return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
+    }
+
+    try {
+        const body = (await request.json().catch(() => null)) as
+            | {
+                  readonly sessionId?: string;
+              }
+            | null;
+
+        if (!body?.sessionId) {
+            return NextResponse.json({ error: 'Authentication session id is required.' }, { status: 400 });
+        }
+
+        return NextResponse.json({
+            session: stopCodeRunnerAuthenticationSession(body.sessionId),
+        });
+    } catch (error) {
+        return NextResponse.json(
+            { error: error instanceof Error ? error.message : 'Failed to stop the authentication session.' },
+            { status: 500 },
+        );
+    }
+}

package/apps/agents-server/src/app/api/admin/code-runners/route.ts

@@ -1,15 +1,11 @@
-import { execFile } from 'child_process';
-import { promisify } from 'util';
 import { NextResponse } from 'next/server';
 import { isUserGlobalAdmin } from '@/src/utils/isUserGlobalAdmin';
+import { readConfiguredCodeRunner, resolveCodeRunnerStatus } from '@/src/utils/codeRunnerConfiguration';
 import {
     applyVpsCodeRunnerConfiguration,
-    listVpsEnvironmentVariables,
     updateVpsEnvironmentVariables,
 } from '@/src/utils/vpsConfiguration';
 
-const execFileAsync = promisify(execFile);
-
 /**
  * Loads configured code-runner settings from the editable VPS environment.
  */
@@ -19,16 +15,11 @@ export async function GET() {
     }
 
     try {
-        const snapshot = await listVpsEnvironmentVariables();
-        const environmentByKey = Object.fromEntries(
-            snapshot.variables.map((variable) => [variable.key, variable.value]),
-        ) as Record<string, string>;
+        const configuredCodeRunner = await readConfiguredCodeRunner();
 
         return NextResponse.json({
-            agent: environmentByKey.PTBK_AGENT || process.env.PTBK_AGENT || 'github-copilot',
-            model: environmentByKey.PTBK_MODEL || process.env.PTBK_MODEL || 'gpt-5.4',
-            thinkingLevel: environmentByKey.PTBK_THINKING_LEVEL || process.env.PTBK_THINKING_LEVEL || 'xhigh',
-            status: await resolveRunnerStatus(environmentByKey.PTBK_AGENT || process.env.PTBK_AGENT || 'github-copilot'),
+            ...configuredCodeRunner,
+            status: await resolveCodeRunnerStatus(configuredCodeRunner.agent),
         });
     } catch (error) {
         return NextResponse.json(
@@ -80,25 +71,3 @@ export async function PATCH(request: Request) {
         );
     }
 }
-
-/**
- * Resolves a short runner-authentication status for the configured runner.
- *
- * @param agent - Runner id.
- * @returns Human-readable status.
- */
-async function resolveRunnerStatus(agent: string): Promise<string> {
-    if (agent !== 'github-copilot') {
-        return 'Status check is currently available for GitHub Copilot CLI only.';
-    }
-
-    try {
-        const { stdout, stderr } = await execFileAsync('copilot', ['auth', 'status'], {
-            timeout: 10_000,
-            maxBuffer: 128 * 1024,
-        });
-        return [stdout, stderr].filter(Boolean).join('\n').trim() || 'GitHub Copilot CLI returned no status output.';
-    } catch (error) {
-        return error instanceof Error ? error.message : 'GitHub Copilot CLI status check failed.';
-    }
-}

package/apps/agents-server/src/app/api/admin/servers/[serverId]/route.ts

@@ -15,6 +15,7 @@ import {
     updateManagedServer,
     type UpdateServerInput,
 } from '../../../../../utils/serverManagement';
+import { applyStandaloneVpsServerMetadata } from '../../../../../utils/serverManagement/standaloneVpsServerMetadata';
 import {
     applyVpsRuntimeConfiguration,
     listConfiguredVpsDomains,
@@ -38,6 +39,10 @@ export async function PATCH(request: Request, context: { params: Promise<{ serve
 
         if (isAgentsServerSqliteMode()) {
             const updatedServer = await updateStandaloneVpsServerDomain(parsedServerId, body.domain);
+            await applyStandaloneVpsServerMetadata({
+                tablePrefix: updatedServer.tablePrefix,
+                name: body.name,
+            });
             return NextResponse.json({ server: updatedServer });
         }
 
@@ -126,7 +131,7 @@ async function updateStandaloneVpsServerDomain(serverId: number, rawDomain: stri
     const domains = await listConfiguredVpsDomains();
     const nextDomains = domains.map((domain, index) => (index === serverIndex ? normalizedDomain : domain));
     await updateConfiguredVpsDomains(nextDomains);
-    await applyVpsRuntimeConfiguration();
+    await applyVpsRuntimeConfiguration({ isProcessRestartEnabled: false });
 
     const updatedServer = listEnvironmentRegisteredServers().find((server) => server.domain === normalizedDomain);
     if (!updatedServer) {
@@ -150,5 +155,5 @@ async function deleteStandaloneVpsServerDomain(serverId: number): Promise<void>
 
     const domains = await listConfiguredVpsDomains();
     await updateConfiguredVpsDomains(domains.filter((_domain, index) => index !== serverIndex));
-    await applyVpsRuntimeConfiguration();
+    await applyVpsRuntimeConfiguration({ isProcessRestartEnabled: false });
 }

package/apps/agents-server/src/app/api/admin/servers/route.ts

@@ -1,8 +1,11 @@
 import { NextResponse } from 'next/server';
+import { spaceTrim } from 'spacetrim';
+import { DatabaseError } from '../../../../../../../src/errors/DatabaseError';
 import { isAgentsServerSqliteMode } from '../../../../database/agentsServerDatabaseMode';
 import { resolveCurrentServerRegistryContext } from '../../../../utils/currentServerRegistryContext';
 import { isUserAdmin } from '../../../../utils/isUserAdmin';
 import { isUserGlobalAdmin } from '../../../../utils/isUserGlobalAdmin';
+import { buildServerTablePrefix } from '../../../../utils/buildServerTablePrefix';
 import {
     createServerPublicUrl,
     listEnvironmentRegisteredServers,
@@ -14,6 +17,12 @@ import {
     resolveManagedServerErrorStatus,
     type CreateServerInput,
 } from '../../../../utils/serverManagement';
+import { ManagedServerInputNormalizer } from '../../../../utils/serverManagement/ManagedServerInputNormalizer';
+import {
+    applyStandaloneVpsServerMetadata,
+    resolveStandaloneVpsServerDisplayName,
+} from '../../../../utils/serverManagement/standaloneVpsServerMetadata';
+import { createStandaloneVpsDomainDnsDiagnostic } from '../../../../utils/standaloneVpsDnsDiagnostics';
 import {
     applyVpsRuntimeConfiguration,
     listConfiguredVpsDomains,
@@ -32,10 +41,15 @@ export async function GET() {
         }
 
         const context = await resolveCurrentServerRegistryContext();
+        const servers = isAgentsServerSqliteMode()
+            ? await createStandaloneVpsServersResponse(context.registeredServers)
+            : context.registeredServers;
+
         return NextResponse.json({
-            servers: context.registeredServers,
+            servers,
             currentServerId: context.currentServer?.id ?? null,
             canEdit: await isUserGlobalAdmin(),
+            isStandaloneVps: isAgentsServerSqliteMode(),
         });
     } catch (error) {
         return NextResponse.json(
@@ -47,6 +61,30 @@ export async function GET() {
     }
 }
 
+/**
+ * Enriches standalone VPS server rows with display metadata and DNS diagnostics.
+ *
+ * @param servers - Virtual standalone server rows.
+ * @returns Browser-safe server rows with DNS setup guidance.
+ */
+async function createStandaloneVpsServersResponse(
+    servers: Awaited<ReturnType<typeof resolveCurrentServerRegistryContext>>['registeredServers'],
+) {
+    const primaryDomain = servers[0]?.domain ?? null;
+
+    return Promise.all(
+        servers.map(async (server) => ({
+            ...server,
+            name: await resolveStandaloneVpsServerDisplayName(server),
+            dnsDiagnostic: await createStandaloneVpsDomainDnsDiagnostic({
+                domain: server.domain,
+                publicIpAddress: process.env.PTBK_PUBLIC_IP_ADDRESS,
+                fallbackCnameTargetDomain: primaryDomain && primaryDomain !== server.domain ? primaryDomain : null,
+            }),
+        })),
+    );
+}
+
 /**
  * Creates a new same-instance server.
  *
@@ -57,17 +95,25 @@ export async function POST(request: Request) {
     try {
         assertGlobalAdminAccess(await isUserGlobalAdmin());
 
-        const body = (await request.json()) as CreateServerInput;
+        const body = withEnvironmentAdminUser((await request.json()) as CreateServerInput);
         if (isAgentsServerSqliteMode()) {
             const normalizedDomain = normalizeServerDomain(body.domain);
             if (!normalizedDomain) {
                 return NextResponse.json({ error: 'A valid domain is required.' }, { status: 400 });
             }
+            const tablePrefix = normalizeStandaloneVpsCreateServerTablePrefix(body);
 
             const existingDomains = await listConfiguredVpsDomains();
-            await updateConfiguredVpsDomains([...existingDomains, normalizedDomain]);
-            await applyVpsRuntimeConfiguration();
+            await updateConfiguredVpsDomains([...existingDomains, normalizedDomain], { tablePrefix });
+            await applyVpsRuntimeConfiguration({ isProcessRestartEnabled: false });
             const createdServer = listEnvironmentRegisteredServers().find((server) => server.domain === normalizedDomain);
+            if (createdServer) {
+                await applyStandaloneVpsServerMetadata({
+                    tablePrefix: createdServer.tablePrefix,
+                    name: body.name,
+                    iconUrl: body.iconUrl,
+                });
+            }
 
             return NextResponse.json(
                 {
@@ -107,3 +153,48 @@ export async function POST(request: Request) {
         );
     }
 }
+
+/**
+ * Uses the installer-managed environment admin when the browser no longer collects admin credentials.
+ *
+ * @param input - Raw create-server payload.
+ * @returns Payload compatible with the existing managed-server bootstrap flow.
+ */
+function withEnvironmentAdminUser(input: CreateServerInput): CreateServerInput {
+    const adminPassword = process.env.ADMIN_PASSWORD || input.adminUser?.password || '';
+    const adminUsername = input.adminUser?.username?.trim() || 'admin';
+
+    return {
+        ...input,
+        adminUser: {
+            username: adminUsername,
+            password: adminPassword,
+            isAdmin: true,
+        },
+        additionalUsers: input.additionalUsers || [],
+    };
+}
+
+/**
+ * Validates the generated server table prefix used by standalone VPS setup.
+ *
+ * @param input - Create-server payload with generated identifier and table prefix.
+ * @returns Validated server-level table prefix.
+ */
+function normalizeStandaloneVpsCreateServerTablePrefix(input: CreateServerInput): string {
+    const identifier = ManagedServerInputNormalizer.normalizeServerIdentifier(input.identifier);
+    const tablePrefix = ManagedServerInputNormalizer.validateServerTablePrefix(input.tablePrefix);
+    const expectedTablePrefix = buildServerTablePrefix(identifier);
+
+    if (tablePrefix !== expectedTablePrefix) {
+        throw new DatabaseError(
+            spaceTrim(`
+                Table prefix \`${tablePrefix}\` does not match generated server identifier \`${identifier}\`.
+
+                Expected \`${expectedTablePrefix}\`.
+            `),
+        );
+    }
+
+    return tablePrefix;
+}

package/apps/agents-server/src/app/api/admin/update/route.ts

@@ -0,0 +1,52 @@
+import { NextResponse } from 'next/server';
+import { isUserGlobalAdmin } from '@/src/utils/isUserGlobalAdmin';
+import { readVpsSelfUpdateOverview, startVpsSelfUpdate } from '@/src/utils/vpsSelfUpdate';
+
+export const runtime = 'nodejs';
+export const dynamic = 'force-dynamic';
+
+/**
+ * Loads the current standalone VPS self-update overview for the super-admin UI.
+ */
+export async function GET() {
+    if (!(await isUserGlobalAdmin())) {
+        return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
+    }
+
+    try {
+        return NextResponse.json(await readVpsSelfUpdateOverview());
+    } catch (error) {
+        return NextResponse.json(
+            { error: error instanceof Error ? error.message : 'Failed to load the update overview.' },
+            { status: 500 },
+        );
+    }
+}
+
+/**
+ * Starts a detached standalone VPS self-update for the selected environment.
+ */
+export async function POST(request: Request) {
+    if (!(await isUserGlobalAdmin())) {
+        return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
+    }
+
+    try {
+        const body = (await request.json().catch(() => null)) as
+            | {
+                  readonly environment?: string;
+              }
+            | null;
+
+        if (!body?.environment || typeof body.environment !== 'string') {
+            return NextResponse.json({ error: 'Update environment is required.' }, { status: 400 });
+        }
+
+        return NextResponse.json(await startVpsSelfUpdate(body.environment), { status: 202 });
+    } catch (error) {
+        return NextResponse.json(
+            { error: error instanceof Error ? error.message : 'Failed to start the update.' },
+            { status: 500 },
+        );
+    }
+}

package/apps/agents-server/src/app/api/auth/login/route.ts

@@ -1,5 +1,6 @@
 import { authenticateUser } from '../../../../utils/authenticateUser';
 import { setSession } from '../../../../utils/session';
+import { writeShibbolethAuthenticationLog } from '../../../../utils/shibboleth/writeShibbolethAuthenticationLog';
 import { NextResponse } from 'next/server';
 
 /**
@@ -7,6 +8,13 @@ import { NextResponse } from 'next/server';
  */
 export async function POST(request: Request) {
     try {
+        writeShibbolethAuthenticationLog(request.headers, {
+            event: 'login-route-request',
+            pathname: '/api/auth/login',
+            method: request.method,
+            hasSessionCookie: (request.headers.get('cookie') || '').includes('sessionToken='),
+        });
+
         const body = await request.json();
         const { username, password } = body;
 

package/apps/agents-server/src/app/api/auth/logout/route.ts

@@ -1,10 +1,18 @@
-import { clearSession } from '../../../../utils/session';
 import { NextResponse } from 'next/server';
+import { clearSession } from '../../../../utils/session';
+import { writeShibbolethAuthenticationLog } from '../../../../utils/shibboleth/writeShibbolethAuthenticationLog';
 
 /**
  * Handles post.
  */
-export async function POST() {
+export async function POST(request: Request) {
+    writeShibbolethAuthenticationLog(request.headers, {
+        event: 'logout-route-request',
+        pathname: '/api/auth/logout',
+        method: request.method,
+        hasSessionCookie: (request.headers.get('cookie') || '').includes('sessionToken='),
+    });
+
     await clearSession();
     return NextResponse.json({ success: true });
 }

package/apps/agents-server/src/app/api/chat/export/pdf/route.ts

@@ -0,0 +1,63 @@
+import { buildChatHtml } from '../../../../../../../../src/book-components/Chat/save/html/htmlSaveFormatDefinition';
+import type { ChatMessage } from '../../../../../../../../src/book-components/Chat/types/ChatMessage';
+import type { ChatParticipant } from '../../../../../../../../src/book-components/Chat/types/ChatParticipant';
+import { createChatExportFilename } from '../../../../../../../../src/book-components/Chat/save/_common/createChatExportFilename';
+import { NextRequest, NextResponse } from 'next/server';
+import { renderHtmlToPdfOnServer } from '@/src/utils/chatExport/renderHtmlToPdfOnServer';
+
+/**
+ * PDF export requires the Node.js runtime because it depends on Playwright.
+ */
+export const runtime = 'nodejs';
+
+/**
+ * Minimal request payload accepted by the chat PDF export endpoint.
+ *
+ * @private internal type for POST /api/chat/export/pdf
+ */
+type ChatPdfExportRequestBody = {
+    readonly title: string;
+    readonly messages: ReadonlyArray<ChatMessage>;
+    readonly participants: ReadonlyArray<ChatParticipant>;
+};
+
+/**
+ * Builds a server-rendered PDF from the standalone HTML chat export.
+ */
+export async function POST(request: NextRequest) {
+    let requestBody: ChatPdfExportRequestBody;
+
+    try {
+        requestBody = (await request.json()) as ChatPdfExportRequestBody;
+    } catch {
+        return NextResponse.json({ error: 'Invalid JSON payload.' }, { status: 400 });
+    }
+
+    if (
+        typeof requestBody?.title !== 'string' ||
+        !Array.isArray(requestBody.messages) ||
+        !Array.isArray(requestBody.participants)
+    ) {
+        return NextResponse.json(
+            { error: 'Expected `title`, `messages`, and `participants` in the PDF export payload.' },
+            { status: 400 },
+        );
+    }
+
+    try {
+        const pdfBuffer = await renderHtmlToPdfOnServer(
+            buildChatHtml(requestBody.title, requestBody.messages, requestBody.participants),
+        );
+        const filename = createChatExportFilename(requestBody.title, 'pdf');
+
+        return new NextResponse(pdfBuffer, {
+            headers: {
+                'Content-Type': 'application/pdf',
+                'Content-Disposition': `attachment; filename="${filename}"`,
+            },
+        });
+    } catch (error) {
+        console.error('Failed to export chat PDF:', error);
+        return NextResponse.json({ error: 'Failed to export chat as PDF.' }, { status: 500 });
+    }
+}

package/apps/agents-server/src/app/page.tsx

@@ -13,6 +13,7 @@ import {
     resolveRegisteredServerByHost,
     type ServerRecord,
 } from '../utils/serverRegistry';
+import { isStandaloneVpsRawIpBootstrapActive } from '../utils/standaloneVpsRawIpBootstrap';
 import { getHomePageAgents } from './_data/getHomePageAgents';
 
 /**
@@ -77,6 +78,15 @@ async function resolveIpAddressRouting(host: string | null): Promise<'LOGIN' | '
         return (await isUserGlobalAdmin()) ? 'CONFIGURE' : 'LOGIN';
     }
 
+    if (
+        isStandaloneVpsRawIpBootstrapActive({
+            nextPublicSiteUrl: process.env.NEXT_PUBLIC_SITE_URL,
+            publicIpAddress: process.env.PTBK_PUBLIC_IP_ADDRESS,
+        })
+    ) {
+        return null;
+    }
+
     if (registeredServers.length === 1) {
         redirect(createServerPublicUrl(registeredServers[0]!.domain).href);
     }