@promptbook/cli 0.112.0-96 → 0.112.0-98

package/apps/agents-server/src/middleware.ts

@@ -3,6 +3,7 @@ import { applyVisibilityHeaders } from './middleware/applyVisibilityHeaders';
 import { createMiddlewareRequestContext } from './middleware/createMiddlewareRequestContext';
 import { resolveAccessControlResponse } from './middleware/resolveAccessControlResponse';
 import { resolveMiddlewareResponse } from './middleware/resolveMiddlewareResponse';
+import { writeShibbolethAuthenticationLog } from './utils/shibboleth/writeShibbolethAuthenticationLog';
 
 /**
  * Main Next.js middleware coordinating request context loading, access control,
@@ -12,6 +13,15 @@ import { resolveMiddlewareResponse } from './middleware/resolveMiddlewareRespons
  * @returns Middleware response.
  */
 export async function middleware(request: NextRequest): Promise<NextResponse> {
+    if (shouldLogShibbolethRequestFromMiddleware(request)) {
+        writeShibbolethAuthenticationLog(request.headers, {
+            event: 'middleware-request',
+            pathname: request.nextUrl.pathname,
+            method: request.method,
+            hasSessionCookie: request.cookies.has('sessionToken'),
+        });
+    }
+
     const middlewareRequestContext = await createMiddlewareRequestContext(request);
     const applyResponseHeaders = async (response: NextResponse): Promise<void> => {
         await applyVisibilityHeaders({
@@ -58,3 +68,25 @@ export const config = {
         '/((?!_next/static|_next/image|favicon.ico|logo-|fonts/|robots.txt|api/internal).*)',
     ],
 };
+
+/**
+ * Decides whether the current middleware request should emit Shibboleth diagnostics.
+ *
+ * We log the first anonymous request plus explicit auth/SAML routes so standalone VPS
+ * pm2 logs show the incoming Shibboleth attributes without flooding every authenticated
+ * page load once the browser already carries a session cookie.
+ *
+ * @param request - Incoming middleware request.
+ * @returns `true` when the request is useful for Shibboleth diagnostics.
+ */
+function shouldLogShibbolethRequestFromMiddleware(request: NextRequest): boolean {
+    const pathname = request.nextUrl.pathname.toLowerCase();
+    const isAuthenticationPath = pathname.startsWith('/api/auth');
+    const isShibbolethPath = pathname.includes('shibboleth') || pathname.includes('saml');
+
+    if (isAuthenticationPath || isShibbolethPath) {
+        return true;
+    }
+
+    return !request.cookies.has('sessionToken');
+}

package/apps/agents-server/src/tools/BrowserConnectionProvider.ts

@@ -410,7 +410,7 @@ export class BrowserConnectionProvider {
         await mkdir(userDataDir, { recursive: true });
 
         const launchOptions: NonNullable<Parameters<typeof chromium.launchPersistentContext>[1]> = {
-            headless: false,
+            headless: true,
             args: ['--no-sandbox', '--disable-setuid-sandbox', '--disable-dev-shm-usage'],
         };
 

package/apps/agents-server/src/utils/chatExport/downloadChatPdfFromServer.ts

@@ -0,0 +1,59 @@
+import type { ChatMessage } from '../../../../../src/book-components/Chat/types/ChatMessage';
+import type { ChatParticipant } from '../../../../../src/book-components/Chat/types/ChatParticipant';
+import { downloadBlob, parseFilenameFromContentDisposition } from '../download/browserFileDownload';
+
+/**
+ * Payload sent to the Agents Server PDF export endpoint.
+ *
+ * @private internal type for `downloadChatPdfFromServer`
+ */
+type DownloadChatPdfFromServerOptions = {
+    readonly title: string;
+    readonly messages: ReadonlyArray<ChatMessage>;
+    readonly participants: ReadonlyArray<ChatParticipant>;
+};
+
+/**
+ * Requests a server-rendered chat PDF and triggers the browser download.
+ *
+ * @param options - Chat export payload.
+ */
+export async function downloadChatPdfFromServer(options: DownloadChatPdfFromServerOptions): Promise<void> {
+    const response = await fetch('/api/chat/export/pdf', {
+        method: 'POST',
+        headers: {
+            'Content-Type': 'application/json',
+        },
+        body: JSON.stringify({
+            title: options.title,
+            messages: options.messages,
+            participants: options.participants.map(serializeChatParticipantForExport),
+        }),
+    });
+
+    if (!response.ok) {
+        const payload = (await response.json().catch(() => null)) as { error?: string } | null;
+        throw new Error(payload?.error || 'Failed to export chat as PDF.');
+    }
+
+    const pdfBlob = await response.blob();
+    const filename =
+        parseFilenameFromContentDisposition(response.headers.get('Content-Disposition')) || 'chat-export.pdf';
+
+    downloadBlob(pdfBlob, filename);
+}
+
+/**
+ * Normalizes participant data so the payload stays JSON-safe when custom color helpers are used.
+ *
+ * @param participant - One chat participant.
+ * @returns Serializable participant payload.
+ *
+ * @private helper for `downloadChatPdfFromServer`
+ */
+function serializeChatParticipantForExport(participant: ChatParticipant): ChatParticipant {
+    return {
+        ...participant,
+        color: participant.color ? String(participant.color) : undefined,
+    };
+}

package/apps/agents-server/src/utils/chatExport/renderHtmlToPdfOnServer.ts

@@ -0,0 +1,37 @@
+import { $provideBrowserForServer } from '@/src/tools/$provideBrowserForServer';
+
+/**
+ * Browser viewport used while rendering standalone HTML exports to PDF.
+ */
+const CHAT_EXPORT_PDF_VIEWPORT = {
+    width: 1280,
+    height: 1600,
+} as const;
+
+/**
+ * Prints standalone HTML into a PDF using the shared server-side Chromium instance.
+ *
+ * @param html - Fully rendered standalone HTML document.
+ * @returns PDF bytes ready for an HTTP response.
+ */
+export async function renderHtmlToPdfOnServer(html: string): Promise<Buffer> {
+    const browserContext = await $provideBrowserForServer();
+    const page = await browserContext.newPage();
+
+    try {
+        await page.setViewportSize(CHAT_EXPORT_PDF_VIEWPORT);
+        await page.emulateMedia({ media: 'print' });
+        await page.setContent(html, { waitUntil: 'load' });
+        await page.evaluate(async () => {
+            await document.fonts?.ready;
+        });
+
+        return await page.pdf({
+            format: 'Letter',
+            printBackground: true,
+            preferCSSPageSize: true,
+        });
+    } finally {
+        await page.close();
+    }
+}

package/apps/agents-server/src/utils/codeRunnerAuthentication.ts

@@ -0,0 +1,234 @@
+import { createVpsInstallerCommandEnvironment, resolveVpsInstallerScriptPath } from './vpsConfiguration';
+import {
+    getInteractiveTerminalSession,
+    getLatestInteractiveTerminalSession,
+    startInteractiveTerminalSession,
+    stopInteractiveTerminalSession,
+    subscribeToInteractiveTerminalSession,
+    type InteractiveTerminalSessionSnapshot,
+    type InteractiveTerminalSessionSubscriber,
+    writeInteractiveTerminalSessionInput,
+} from './interactiveTerminalSession';
+
+/**
+ * Serializable snapshot of one interactive code-runner authentication session.
+ */
+export type CodeRunnerAuthenticationSessionSnapshot = {
+    /**
+     * Session identifier used by the browser UI.
+     */
+    readonly id: string;
+
+    /**
+     * Runner being authenticated.
+     */
+    readonly agent: string;
+
+    /**
+     * Whether the interactive runner process is still active.
+     */
+    readonly isRunning: boolean;
+
+    /**
+     * Buffered session output shown in the admin terminal.
+     */
+    readonly output: string;
+
+    /**
+     * Session start timestamp in ISO format.
+     */
+    readonly startedAt: string;
+
+    /**
+     * Session finish timestamp in ISO format, when available.
+     */
+    readonly finishedAt: string | null;
+
+    /**
+     * Process exit code once the session has finished.
+     */
+    readonly exitCode: number | null;
+
+    /**
+     * Process signal once the session has finished.
+     */
+    readonly signal: NodeJS.Signals | null;
+};
+
+/**
+ * Browser stream callbacks used by one subscribed UI client.
+ */
+export type CodeRunnerAuthenticationSessionSubscriber = {
+    /**
+     * Called whenever new terminal output arrives.
+     */
+    readonly onOutput: (event: Parameters<InteractiveTerminalSessionSubscriber['onOutput']>[0]) => void;
+
+    /**
+     * Called once the session exits.
+     */
+    readonly onExit: (event: { readonly type: 'exit'; readonly snapshot: CodeRunnerAuthenticationSessionSnapshot }) => void;
+};
+
+/**
+ * Starts a streamed authentication session for the currently configured standalone runner.
+ *
+ * @param agent - Runner identifier stored in `.env`.
+ * @returns Existing running session for the same runner or a new one.
+ */
+export async function startCodeRunnerAuthenticationSession(
+    agent: string,
+): Promise<CodeRunnerAuthenticationSessionSnapshot> {
+    const scriptPath = await resolveVpsInstallerScriptPath();
+    if (!scriptPath) {
+        throw new Error('The VPS installer script could not be found on this server.');
+    }
+
+    return toRequiredCodeRunnerAuthenticationSessionSnapshot(
+        startInteractiveTerminalSession({
+            sessionKey: buildCodeRunnerAuthenticationSessionKey(agent),
+            title: `${agent} authentication`,
+            command: 'bash',
+            arguments: [scriptPath, 'authenticate-runner'],
+            env: createVpsInstallerCommandEnvironment({
+                isNonInteractiveModeEnabled: false,
+                isProcessRestartEnabled: false,
+            }),
+            metadata: {
+                agent,
+            },
+            unavailableErrorMessage: 'Interactive code-runner authentication is available only on the Linux VPS runtime.',
+        }),
+        agent,
+    );
+}
+
+/**
+ * Returns the latest known authentication session for a runner.
+ *
+ * @param agent - Runner identifier.
+ * @returns Serializable session snapshot or `null`.
+ */
+export function getLatestCodeRunnerAuthenticationSession(
+    agent: string,
+): CodeRunnerAuthenticationSessionSnapshot | null {
+    return toCodeRunnerAuthenticationSessionSnapshot(
+        getLatestInteractiveTerminalSession(buildCodeRunnerAuthenticationSessionKey(agent)),
+        agent,
+    );
+}
+
+/**
+ * Looks up one authentication session by id.
+ *
+ * @param sessionId - Session identifier.
+ * @returns Serializable session snapshot or `null`.
+ */
+export function getCodeRunnerAuthenticationSession(
+    sessionId: string,
+): CodeRunnerAuthenticationSessionSnapshot | null {
+    return toCodeRunnerAuthenticationSessionSnapshot(getInteractiveTerminalSession(sessionId));
+}
+
+/**
+ * Subscribes one browser connection to live terminal events.
+ *
+ * @param sessionId - Session identifier.
+ * @param subscriber - Stream callbacks.
+ * @returns Cleanup callback.
+ */
+export function subscribeToCodeRunnerAuthenticationSession(
+    sessionId: string,
+    subscriber: CodeRunnerAuthenticationSessionSubscriber,
+): (() => void) | null {
+    return subscribeToInteractiveTerminalSession(sessionId, {
+        onOutput: subscriber.onOutput,
+        onExit: ({ snapshot }) =>
+            subscriber.onExit({
+                type: 'exit',
+                snapshot: toRequiredCodeRunnerAuthenticationSessionSnapshot(snapshot),
+            }),
+    });
+}
+
+/**
+ * Sends interactive input to a running authentication terminal.
+ *
+ * @param sessionId - Session identifier.
+ * @param input - Raw text to write to stdin.
+ * @returns Updated session snapshot.
+ */
+export function writeCodeRunnerAuthenticationSessionInput(
+    sessionId: string,
+    input: string,
+): CodeRunnerAuthenticationSessionSnapshot {
+    return toRequiredCodeRunnerAuthenticationSessionSnapshot(writeInteractiveTerminalSessionInput(sessionId, input));
+}
+
+/**
+ * Stops a running authentication terminal.
+ *
+ * @param sessionId - Session identifier.
+ * @returns Updated session snapshot.
+ */
+export function stopCodeRunnerAuthenticationSession(
+    sessionId: string,
+): CodeRunnerAuthenticationSessionSnapshot {
+    return toRequiredCodeRunnerAuthenticationSessionSnapshot(stopInteractiveTerminalSession(sessionId));
+}
+
+/**
+ * Builds the stable logical session key for one runner authentication terminal.
+ *
+ * @param agent - Runner identifier.
+ * @returns Stable session key.
+ */
+function buildCodeRunnerAuthenticationSessionKey(agent: string): string {
+    return `code-runner-authentication:${agent}`;
+}
+
+/**
+ * Converts one generic terminal snapshot into the runner-specific browser shape.
+ *
+ * @param session - Generic terminal snapshot.
+ * @param fallbackAgent - Agent name used when older sessions miss metadata.
+ * @returns Runner-specific snapshot or `null`.
+ */
+function toCodeRunnerAuthenticationSessionSnapshot(
+    session: InteractiveTerminalSessionSnapshot | null,
+    fallbackAgent = '',
+): CodeRunnerAuthenticationSessionSnapshot | null {
+    if (!session) {
+        return null;
+    }
+
+    return {
+        id: session.id,
+        agent: session.metadata.agent || fallbackAgent,
+        isRunning: session.isRunning,
+        output: session.output,
+        startedAt: session.startedAt,
+        finishedAt: session.finishedAt,
+        exitCode: session.exitCode,
+        signal: session.signal,
+    };
+}
+
+/**
+ * Converts one generic terminal snapshot into a required runner-specific snapshot.
+ *
+ * @param session - Generic terminal snapshot.
+ * @returns Runner-specific snapshot.
+ */
+function toRequiredCodeRunnerAuthenticationSessionSnapshot(
+    session: InteractiveTerminalSessionSnapshot | null,
+    fallbackAgent = '',
+): CodeRunnerAuthenticationSessionSnapshot {
+    const mappedSession = toCodeRunnerAuthenticationSessionSnapshot(session, fallbackAgent);
+
+    if (!mappedSession) {
+        throw new Error('Authentication session was not found.');
+    }
+
+    return mappedSession;
+}

package/apps/agents-server/src/utils/codeRunnerConfiguration.ts

@@ -0,0 +1,67 @@
+import { execFile } from 'child_process';
+import { promisify } from 'util';
+import { listVpsEnvironmentVariables } from './vpsConfiguration';
+
+const execFileAsync = promisify(execFile);
+
+/**
+ * Saved standalone VPS code-runner configuration exposed to the admin UI.
+ */
+export type ConfiguredCodeRunner = {
+    /**
+     * Runner identifier persisted in `.env`.
+     */
+    readonly agent: string;
+
+    /**
+     * Model identifier persisted in `.env`.
+     */
+    readonly model: string;
+
+    /**
+     * Thinking level persisted in `.env`.
+     */
+    readonly thinkingLevel: string;
+};
+
+/**
+ * Reads the currently configured standalone VPS code runner from managed environment variables.
+ *
+ * @returns Saved code-runner settings with fallback defaults.
+ */
+export async function readConfiguredCodeRunner(): Promise<ConfiguredCodeRunner> {
+    const snapshot = await listVpsEnvironmentVariables();
+    const environmentByKey = Object.fromEntries(snapshot.variables.map((variable) => [variable.key, variable.value])) as Record<
+        string,
+        string
+    >;
+
+    return {
+        agent: environmentByKey.PTBK_AGENT || process.env.PTBK_AGENT || 'github-copilot',
+        model: environmentByKey.PTBK_MODEL || process.env.PTBK_MODEL || 'gpt-5.4',
+        thinkingLevel: environmentByKey.PTBK_THINKING_LEVEL || process.env.PTBK_THINKING_LEVEL || 'xhigh',
+    };
+}
+
+/**
+ * Resolves a short runner-authentication status for the configured runner.
+ *
+ * @param agent - Runner id.
+ * @returns Human-readable status.
+ */
+export async function resolveCodeRunnerStatus(agent: string): Promise<string> {
+    if (agent !== 'github-copilot') {
+        return 'Status check is currently available for GitHub Copilot CLI only.';
+    }
+
+    try {
+        const { stdout, stderr } = await execFileAsync('copilot', ['auth', 'status'], {
+            timeout: 10_000,
+            maxBuffer: 128 * 1024,
+        });
+
+        return [stdout, stderr].filter(Boolean).join('\n').trim() || 'GitHub Copilot CLI returned no status output.';
+    } catch (error) {
+        return error instanceof Error ? error.message : 'GitHub Copilot CLI status check failed.';
+    }
+}

package/apps/agents-server/src/utils/createInteractiveTerminalEventStream.ts

@@ -0,0 +1,84 @@
+import type { InteractiveTerminalSessionSubscriber } from './interactiveTerminalSession';
+
+/**
+ * Minimal browser-safe terminal session shape needed by the shared SSE helper.
+ */
+type InteractiveTerminalEventStreamSession = {
+    readonly isRunning: boolean;
+};
+
+/**
+ * Generic subscriber shape used by one streamed browser terminal route.
+ */
+type InteractiveTerminalEventStreamSubscriber<TSession extends InteractiveTerminalEventStreamSession> = {
+    readonly onOutput: InteractiveTerminalSessionSubscriber['onOutput'];
+    readonly onExit: (event: { readonly type: 'exit'; readonly snapshot: TSession }) => void;
+};
+
+/**
+ * Creates one SSE response that replays buffered terminal output and then streams live events.
+ *
+ * @param request - Browser stream request.
+ * @param sessionId - Terminal session id.
+ * @param session - Existing session snapshot.
+ * @param subscribe - Subscription function for live terminal events.
+ * @returns Event stream response.
+ */
+export function createInteractiveTerminalEventStream<TSession extends InteractiveTerminalEventStreamSession>(
+    request: Request,
+    sessionId: string,
+    session: TSession,
+    subscribe: (
+        sessionId: string,
+        subscriber: InteractiveTerminalEventStreamSubscriber<TSession>,
+    ) => (() => void) | null,
+): Response {
+    const encoder = new TextEncoder();
+
+    return new Response(
+        new ReadableStream({
+            start(controller) {
+                const emitEvent = (event: string, payload: unknown) => {
+                    controller.enqueue(encoder.encode(`event: ${event}\ndata: ${JSON.stringify(payload)}\n\n`));
+                };
+
+                emitEvent('snapshot', session);
+
+                if (!session.isRunning) {
+                    controller.close();
+                    return;
+                }
+
+                const unsubscribe = subscribe(sessionId, {
+                    onOutput: ({ chunk }) => emitEvent('output', { chunk }),
+                    onExit: ({ snapshot: nextSession }) => {
+                        emitEvent('exit', nextSession);
+                        unsubscribe?.();
+                        controller.close();
+                    },
+                });
+
+                if (!unsubscribe) {
+                    controller.error(new Error('Terminal session was not found.'));
+                    return;
+                }
+
+                request.signal.addEventListener(
+                    'abort',
+                    () => {
+                        unsubscribe();
+                        controller.close();
+                    },
+                    { once: true },
+                );
+            },
+        }),
+        {
+            headers: {
+                'Content-Type': 'text/event-stream',
+                'Cache-Control': 'no-cache, no-transform',
+                Connection: 'keep-alive',
+            },
+        },
+    );
+}