stagent 0.4.0 → 0.5.0

package/src/app/api/chat/entities/search/route.ts

@@ -0,0 +1,97 @@
+import { NextResponse } from "next/server";
+import { db } from "@/lib/db";
+import { projects, tasks, workflows, documents, schedules } from "@/lib/db/schema";
+import { like, desc } from "drizzle-orm";
+import { listProfiles } from "@/lib/agents/profiles/registry";
+
+function formatBytes(bytes: number): string {
+  if (bytes < 1024) return `${bytes} B`;
+  if (bytes < 1048576) return `${(bytes / 1024).toFixed(1)} KB`;
+  return `${(bytes / 1048576).toFixed(1)} MB`;
+}
+
+interface EntityResult {
+  entityType: string;
+  entityId: string;
+  label: string;
+  status?: string;
+  description?: string;
+}
+
+export async function GET(request: Request) {
+  const url = new URL(request.url);
+  const query = url.searchParams.get("q") ?? "";
+  const limit = Math.min(parseInt(url.searchParams.get("limit") ?? "10", 10), 20);
+
+  if (!query.trim()) {
+    return NextResponse.json({ results: [] });
+  }
+
+  const pattern = `%${query}%`;
+  const perType = Math.max(2, Math.floor(limit / 5));
+
+  const results: EntityResult[] = [];
+
+  // Search in parallel across all entity types
+  const [projectRows, taskRows, workflowRows, documentRows, scheduleRows] =
+    await Promise.all([
+      db
+        .select({ id: projects.id, name: projects.name, status: projects.status, description: projects.description })
+        .from(projects)
+        .where(like(projects.name, pattern))
+        .orderBy(desc(projects.updatedAt))
+        .limit(perType),
+      db
+        .select({ id: tasks.id, title: tasks.title, status: tasks.status, description: tasks.description })
+        .from(tasks)
+        .where(like(tasks.title, pattern))
+        .orderBy(desc(tasks.updatedAt))
+        .limit(perType),
+      db
+        .select({ id: workflows.id, name: workflows.name, status: workflows.status })
+        .from(workflows)
+        .where(like(workflows.name, pattern))
+        .orderBy(desc(workflows.updatedAt))
+        .limit(perType),
+      db
+        .select({ id: documents.id, name: documents.originalName, status: documents.status, mimeType: documents.mimeType, size: documents.size })
+        .from(documents)
+        .where(like(documents.originalName, pattern))
+        .orderBy(desc(documents.createdAt))
+        .limit(perType),
+      db
+        .select({ id: schedules.id, name: schedules.name, status: schedules.status })
+        .from(schedules)
+        .where(like(schedules.name, pattern))
+        .orderBy(desc(schedules.updatedAt))
+        .limit(perType),
+    ]);
+
+  for (const p of projectRows) {
+    results.push({ entityType: "project", entityId: p.id, label: p.name, status: p.status, description: p.description?.slice(0, 120) || undefined });
+  }
+  for (const t of taskRows) {
+    results.push({ entityType: "task", entityId: t.id, label: t.title, status: t.status, description: t.description?.slice(0, 120) || undefined });
+  }
+  for (const w of workflowRows) {
+    results.push({ entityType: "workflow", entityId: w.id, label: w.name, status: w.status });
+  }
+  for (const d of documentRows) {
+    results.push({ entityType: "document", entityId: d.id, label: d.name, status: d.status, description: `${d.mimeType}, ${formatBytes(d.size)}` });
+  }
+  for (const s of scheduleRows) {
+    results.push({ entityType: "schedule", entityId: s.id, label: s.name, status: s.status });
+  }
+
+  // Search profiles in-memory (file-based registry)
+  const lowerQuery = query.toLowerCase();
+  const profileMatches = listProfiles()
+    .filter((p) => p.name.toLowerCase().includes(lowerQuery) || p.id.toLowerCase().includes(lowerQuery))
+    .slice(0, perType);
+
+  for (const p of profileMatches) {
+    results.push({ entityType: "profile", entityId: p.id, label: p.name });
+  }
+
+  return NextResponse.json({ results: results.slice(0, limit) });
+}

package/src/app/api/documents/[id]/file/route.ts

@@ -11,12 +11,14 @@ export async function GET(
 ) {
   const { id } = await params;
   const inline = req.nextUrl.searchParams.get("inline") === "1";
+  const thumb = req.nextUrl.searchParams.get("thumb") === "1";
 
   const [doc] = await db
     .select({
       originalName: documents.originalName,
       mimeType: documents.mimeType,
       storagePath: documents.storagePath,
+      processedPath: documents.processedPath,
     })
     .from(documents)
     .where(eq(documents.id, id));
@@ -26,7 +28,8 @@ export async function GET(
   }
 
   try {
-    const data = await readFile(doc.storagePath);
+    const filePath = (thumb && doc.processedPath) ? doc.processedPath : doc.storagePath;
+    const data = await readFile(filePath);
     const filename = basename(doc.originalName);
     const canInline =
       inline && (doc.mimeType.startsWith("image/") || doc.mimeType === "application/pdf");

package/src/app/api/projects/[id]/route.ts

@@ -1,7 +1,23 @@
 import { NextRequest, NextResponse } from "next/server";
 import { db } from "@/lib/db";
-import { projects, tasks } from "@/lib/db/schema";
-import { eq } from "drizzle-orm";
+import {
+  projects,
+  tasks,
+  workflows,
+  documents,
+  schedules,
+  agentLogs,
+  notifications,
+  learnedContext,
+  usageLedger,
+  environmentSyncOps,
+  environmentCheckpoints,
+  environmentArtifacts,
+  environmentScans,
+  chatMessages,
+  conversations,
+} from "@/lib/db/schema";
+import { eq, inArray } from "drizzle-orm";
 import { updateProjectSchema } from "@/lib/validators/project";
 
 export async function GET(
@@ -61,12 +77,106 @@ export async function DELETE(
     return NextResponse.json({ error: "Not found" }, { status: 404 });
   }
 
-  // Disassociate tasks before deleting project (avoids FK constraint failure)
-  await db
-    .update(tasks)
-    .set({ projectId: null, updatedAt: new Date() })
-    .where(eq(tasks.projectId, id));
+  try {
+    // Cascade-delete in FK-safe order (children before parents)
+    // Follows the same pattern as clear.ts and workflow DELETE
+
+    // 1. Collect child IDs for nested FK chains
+    const taskIds = db
+      .select({ id: tasks.id })
+      .from(tasks)
+      .where(eq(tasks.projectId, id))
+      .all()
+      .map((r) => r.id);
+
+    const workflowIds = db
+      .select({ id: workflows.id })
+      .from(workflows)
+      .where(eq(workflows.projectId, id))
+      .all()
+      .map((r) => r.id);
+
+    const conversationIds = db
+      .select({ id: conversations.id })
+      .from(conversations)
+      .where(eq(conversations.projectId, id))
+      .all()
+      .map((r) => r.id);
+
+    const scanIds = db
+      .select({ id: environmentScans.id })
+      .from(environmentScans)
+      .where(eq(environmentScans.projectId, id))
+      .all()
+      .map((r) => r.id);
+
+    const checkpointIds = db
+      .select({ id: environmentCheckpoints.id })
+      .from(environmentCheckpoints)
+      .where(eq(environmentCheckpoints.projectId, id))
+      .all()
+      .map((r) => r.id);
+
+    // 2. Environment tables (deepest children first)
+    if (checkpointIds.length > 0) {
+      db.delete(environmentSyncOps)
+        .where(inArray(environmentSyncOps.checkpointId, checkpointIds))
+        .run();
+      db.delete(environmentCheckpoints)
+        .where(inArray(environmentCheckpoints.id, checkpointIds))
+        .run();
+    }
+    if (scanIds.length > 0) {
+      db.delete(environmentArtifacts)
+        .where(inArray(environmentArtifacts.scanId, scanIds))
+        .run();
+      db.delete(environmentScans)
+        .where(inArray(environmentScans.id, scanIds))
+        .run();
+    }
 
-  await db.delete(projects).where(eq(projects.id, id));
-  return NextResponse.json({ success: true });
+    // 3. Chat tables (messages before conversations)
+    if (conversationIds.length > 0) {
+      db.delete(chatMessages)
+        .where(inArray(chatMessages.conversationId, conversationIds))
+        .run();
+      db.delete(conversations)
+        .where(inArray(conversations.id, conversationIds))
+        .run();
+    }
+
+    // 4. Usage ledger (references projectId, workflowId, taskId)
+    db.delete(usageLedger).where(eq(usageLedger.projectId, id)).run();
+
+    // 5. Task children (logs, notifications, documents, learned context)
+    if (taskIds.length > 0) {
+      db.delete(agentLogs).where(inArray(agentLogs.taskId, taskIds)).run();
+      db.delete(notifications)
+        .where(inArray(notifications.taskId, taskIds))
+        .run();
+      db.delete(documents).where(inArray(documents.taskId, taskIds)).run();
+      db.delete(learnedContext)
+        .where(inArray(learnedContext.sourceTaskId, taskIds))
+        .run();
+    }
+
+    // 6. Direct project children
+    db.delete(documents).where(eq(documents.projectId, id)).run();
+    db.delete(tasks).where(eq(tasks.projectId, id)).run();
+    if (workflowIds.length > 0) {
+      db.delete(workflows).where(inArray(workflows.id, workflowIds)).run();
+    }
+    db.delete(schedules).where(eq(schedules.projectId, id)).run();
+
+    // 7. Finally delete the project
+    db.delete(projects).where(eq(projects.id, id)).run();
+
+    return NextResponse.json({ success: true });
+  } catch (err) {
+    console.error("Project delete failed:", err);
+    return NextResponse.json(
+      { error: err instanceof Error ? err.message : "Delete failed" },
+      { status: 500 }
+    );
+  }
 }

package/src/app/api/projects/__tests__/delete-project.test.ts

@@ -0,0 +1,170 @@
+import { describe, expect, it } from "vitest";
+import { readFileSync } from "fs";
+import { join } from "path";
+import * as schema from "@/lib/db/schema";
+
+/**
+ * Safety-net regression tests for project cascade deletion.
+ *
+ * These verify that the DELETE handler in projects/[id]/route.ts
+ * properly handles all FK relationships before deleting a project.
+ * This prevents the "Failed to delete project" FK constraint error
+ * that occurs when related records exist.
+ */
+describe("project DELETE cascade coverage", () => {
+  const deleteRouteSource = readFileSync(
+    join(__dirname, "..", "[id]", "route.ts"),
+    "utf-8"
+  );
+
+  // Tables that have a direct projectId FK to projects
+  const TABLES_WITH_PROJECT_FK = [
+    "tasks",
+    "workflows",
+    "documents",
+    "schedules",
+    "usageLedger",
+    "environmentScans",
+    "environmentCheckpoints",
+    "conversations",
+  ];
+
+  // Tables that are indirect children (FK to a table that has projectId)
+  // These must be deleted before their parent tables
+  const INDIRECT_CHILDREN = [
+    { table: "agentLogs", parent: "tasks", via: "taskId" },
+    { table: "notifications", parent: "tasks", via: "taskId" },
+    { table: "learnedContext", parent: "tasks", via: "sourceTaskId" },
+    { table: "chatMessages", parent: "conversations", via: "conversationId" },
+    { table: "environmentArtifacts", parent: "environmentScans", via: "scanId" },
+    { table: "environmentSyncOps", parent: "environmentCheckpoints", via: "checkpointId" },
+  ];
+
+  it("handles all tables with direct projectId FK", () => {
+    const missing = TABLES_WITH_PROJECT_FK.filter(
+      (table) => !deleteRouteSource.includes(`db.delete(${table})`)
+    );
+
+    expect(
+      missing,
+      `Project DELETE route missing cascade for tables: ${missing.join(", ")}. ` +
+      `These have projectId FK and will cause constraint violations.`
+    ).toEqual([]);
+  });
+
+  it("handles all indirect child tables", () => {
+    const missing = INDIRECT_CHILDREN.filter(
+      ({ table }) => !deleteRouteSource.includes(`db.delete(${table})`)
+    );
+
+    expect(
+      missing.map((m) => `${m.table} (child of ${m.parent} via ${m.via})`),
+      `Project DELETE route missing cascade for indirect children. ` +
+      `These must be deleted before their parent tables.`
+    ).toEqual([]);
+  });
+
+  it("imports all required schema tables", () => {
+    const allTables = [
+      ...TABLES_WITH_PROJECT_FK,
+      ...INDIRECT_CHILDREN.map((c) => c.table),
+    ];
+
+    const missingImports = allTables.filter(
+      (table) => !deleteRouteSource.includes(table)
+    );
+
+    expect(
+      missingImports,
+      `Project DELETE route source does not reference these tables: ${missingImports.join(", ")}`
+    ).toEqual([]);
+  });
+
+  it("deletes children before parents (FK-safe order)", () => {
+    // Verify that child deletes appear BEFORE parent deletes in the source
+    const orderPairs = [
+      // chatMessages must come before conversations
+      { child: "chatMessages", parent: "conversations" },
+      // agentLogs, notifications, documents must come before tasks
+      { child: "agentLogs", parent: "tasks" },
+      { child: "notifications", parent: "tasks" },
+      // environmentArtifacts must come before environmentScans
+      { child: "environmentArtifacts", parent: "environmentScans" },
+      // environmentSyncOps must come before environmentCheckpoints
+      { child: "environmentSyncOps", parent: "environmentCheckpoints" },
+      // tasks, workflows, schedules must come before projects
+      { child: "tasks", parent: "projects" },
+      { child: "workflows", parent: "projects" },
+      { child: "schedules", parent: "projects" },
+    ];
+
+    const violations = orderPairs.filter(({ child, parent }) => {
+      // Find the LAST occurrence of db.delete(child) and FIRST occurrence of db.delete(parent)
+      // within the DELETE function (not the import section)
+      const deleteSection = deleteRouteSource.slice(
+        deleteRouteSource.indexOf("export async function DELETE")
+      );
+      const childPos = deleteSection.lastIndexOf(`db.delete(${child})`);
+      const parentPos = deleteSection.indexOf(`db.delete(${parent})`);
+      // child must appear before parent (lower index)
+      return childPos === -1 || parentPos === -1 || childPos > parentPos;
+    });
+
+    expect(
+      violations.map((v) => `${v.child} must be deleted before ${v.parent}`),
+      `FK-safe ordering violated — children must be deleted before parents`
+    ).toEqual([]);
+  });
+
+  it("wraps deletion in try/catch for error handling", () => {
+    const deleteSection = deleteRouteSource.slice(
+      deleteRouteSource.indexOf("export async function DELETE")
+    );
+    expect(deleteSection).toContain("try {");
+    expect(deleteSection).toContain("catch");
+    expect(deleteSection).toContain("status: 500");
+  });
+
+  it("verifies project exists before attempting delete", () => {
+    const deleteSection = deleteRouteSource.slice(
+      deleteRouteSource.indexOf("export async function DELETE")
+    );
+    expect(deleteSection).toContain("Not found");
+    expect(deleteSection).toContain("status: 404");
+  });
+
+  /**
+   * Meta-test: ensures all schema tables with a projectId column
+   * are accounted for in TABLES_WITH_PROJECT_FK above.
+   * If you add a new table with projectId to schema.ts, this test
+   * will fail and remind you to update both the delete handler
+   * and this test file.
+   */
+  it("test coverage includes all schema tables with projectId", () => {
+    const tablesWithProjectId = Object.entries(schema)
+      .filter(([, value]) => {
+        if (
+          value == null ||
+          typeof value !== "object" ||
+          !("getSQL" in (value as Record<string, unknown>))
+        ) {
+          return false;
+        }
+        // Check if the table object has a projectId column
+        const tableObj = value as Record<string, unknown>;
+        return "projectId" in tableObj;
+      })
+      .map(([name]) => name)
+      .filter((name) => name !== "projects"); // Exclude projects itself
+
+    const untested = tablesWithProjectId.filter(
+      (name) => !TABLES_WITH_PROJECT_FK.includes(name)
+    );
+
+    expect(
+      untested,
+      `New tables with projectId FK not covered in delete test: ${untested.join(", ")}. ` +
+      `Add them to TABLES_WITH_PROJECT_FK and update the DELETE handler.`
+    ).toEqual([]);
+  });
+});

package/src/app/api/settings/browser-tools/route.ts

@@ -0,0 +1,68 @@
+import { NextRequest, NextResponse } from "next/server";
+import { getSetting, setSetting } from "@/lib/settings/helpers";
+import { SETTINGS_KEYS } from "@/lib/constants/settings";
+
+export async function GET() {
+  const [chromeEnabled, playwrightEnabled, chromeConfig, playwrightConfig] =
+    await Promise.all([
+      getSetting(SETTINGS_KEYS.BROWSER_MCP_CHROME_DEVTOOLS_ENABLED),
+      getSetting(SETTINGS_KEYS.BROWSER_MCP_PLAYWRIGHT_ENABLED),
+      getSetting(SETTINGS_KEYS.BROWSER_MCP_CHROME_DEVTOOLS_CONFIG),
+      getSetting(SETTINGS_KEYS.BROWSER_MCP_PLAYWRIGHT_CONFIG),
+    ]);
+
+  return NextResponse.json({
+    chromeDevtoolsEnabled: chromeEnabled === "true",
+    playwrightEnabled: playwrightEnabled === "true",
+    chromeDevtoolsConfig: chromeConfig ?? "",
+    playwrightConfig: playwrightConfig ?? "",
+  });
+}
+
+export async function POST(req: NextRequest) {
+  const body = await req.json();
+
+  if (body.chromeDevtoolsEnabled !== undefined) {
+    await setSetting(
+      SETTINGS_KEYS.BROWSER_MCP_CHROME_DEVTOOLS_ENABLED,
+      body.chromeDevtoolsEnabled ? "true" : "false"
+    );
+  }
+
+  if (body.playwrightEnabled !== undefined) {
+    await setSetting(
+      SETTINGS_KEYS.BROWSER_MCP_PLAYWRIGHT_ENABLED,
+      body.playwrightEnabled ? "true" : "false"
+    );
+  }
+
+  if (body.chromeDevtoolsConfig !== undefined) {
+    await setSetting(
+      SETTINGS_KEYS.BROWSER_MCP_CHROME_DEVTOOLS_CONFIG,
+      body.chromeDevtoolsConfig
+    );
+  }
+
+  if (body.playwrightConfig !== undefined) {
+    await setSetting(
+      SETTINGS_KEYS.BROWSER_MCP_PLAYWRIGHT_CONFIG,
+      body.playwrightConfig
+    );
+  }
+
+  // Return updated state
+  const [chromeEnabled, playwrightEnabled, chromeConfig, playwrightConfig] =
+    await Promise.all([
+      getSetting(SETTINGS_KEYS.BROWSER_MCP_CHROME_DEVTOOLS_ENABLED),
+      getSetting(SETTINGS_KEYS.BROWSER_MCP_PLAYWRIGHT_ENABLED),
+      getSetting(SETTINGS_KEYS.BROWSER_MCP_CHROME_DEVTOOLS_CONFIG),
+      getSetting(SETTINGS_KEYS.BROWSER_MCP_PLAYWRIGHT_CONFIG),
+    ]);
+
+  return NextResponse.json({
+    chromeDevtoolsEnabled: chromeEnabled === "true",
+    playwrightEnabled: playwrightEnabled === "true",
+    chromeDevtoolsConfig: chromeConfig ?? "",
+    playwrightConfig: playwrightConfig ?? "",
+  });
+}

package/src/app/settings/page.tsx

@@ -5,6 +5,7 @@ import { DataManagementSection } from "@/components/settings/data-management-sec
 import { BudgetGuardrailsSection } from "@/components/settings/budget-guardrails-section";
 import { ChatSettingsSection } from "@/components/settings/chat-settings-section";
 import { RuntimeTimeoutSection } from "@/components/settings/runtime-timeout-section";
+import { BrowserToolsSection } from "@/components/settings/browser-tools-section";
 import { PageShell } from "@/components/shared/page-shell";
 
 export const dynamic = "force-dynamic";
@@ -17,6 +18,7 @@ export default function SettingsPage() {
         <OpenAIRuntimeSection />
         <ChatSettingsSection />
         <RuntimeTimeoutSection />
+        <BrowserToolsSection />
         <BudgetGuardrailsSection />
         <PermissionsSections />
         <DataManagementSection />