Merge branch 'development' into staging

Author: itsskofficial

src/.env.selfhost.template

@@ -5,35 +5,40 @@
 # The public-facing URL of your client application.
 # [BUILD-TIME & RUNTIME] Crucial for OAuth redirects and server-side requests.
 APP_BASE_URL=http://localhost:3000
+NEXT_PUBLIC_APP_BASE_URL=http://localhost:3000
 
 # The URL where the backend server will be accessible from the user's browser
 # [BUILD-TIME & RUNTIME] Used by the client to make API calls.
 NEXT_PUBLIC_APP_SERVER_URL=http://localhost:5000
 
 # The internal URL for the backend server, used for server-to-server communication inside Docker.
-# [RUNTIME] Used by the client's Next.js server to talk to the backend server.
+# [BUILD-TIME & RUNTIME] Used by the client's Next.js server to talk to the backend server.
 INTERNAL_APP_SERVER_URL=http://server:80
 
 # The internal URL for the client container, used for server-side self-requests
-# [RUNTIME] Used for OAuth callbacks within the Docker network.
+# [BUILD-TIME & RUNTIME] Used for OAuth callbacks within the Docker network.
 INTERNAL_CLIENT_URL=http://client:3000
 
 # The mode to run the application in
 # [BUILD-TIME & RUNTIME] Switches between Auth0 and self-host auth mode.
 NEXT_PUBLIC_ENVIRONMENT=selfhost
 
-# [BUILD-TIME & RUNTIME] A long, random, secret string. It must match SELF_HOST_AUTH_SECRET in server/.env.selfhost
+# [BUILD-TIME & RUNTIME] A long, random, secret string. It must match SELF_HOST_AUTH_SECRET in server/.env.selfhost.template
 SELF_HOST_AUTH_TOKEN=<generate_a_strong_secret_here>
 
 # --- Server (Backend) Build-Time Variables ---
 # [BUILD-TIME] Set OPENAI_API_KEY to "ollama" to install Ollama in the server container.
 # Otherwise, provide your key for a remote service.
 OPENAI_API_KEY=ollama
-# [BUILD-TIME] The model to pull if Ollama is being installed.
+# [BUILD-TIME] The model to pull if Ollama is being installed. This should match the model in the server's Modelfile.
 OPENAI_MODEL_NAME=qwen3:4b
 
+# --- Gemini API Key (for Server - Memory MCP & optional LiteLLM) ---
+# [RUNTIME] Required for memory embeddings and can be used for chat via LiteLLM.
+GEMINI_API_KEY=<your-gemini-api-key>
+
 # --- MongoDB Credentials (for Server) ---
-MONGO_USER=sentient
+MONGO_USER=test
 MONGO_PASS=<generate_a_strong_password_for_mongo>
 
 # --- PostgreSQL Credentials (for Server - Memory MCP) ---
@@ -42,4 +47,10 @@ POSTGRES_PASS=<generate_a_strong_password_for_postgres>
 POSTGRES_DB=sentient_memory_db
 
 # --- Redis Password (for Server - Celery) ---
-REDIS_PASSWORD=<generate_a_strong_password_for_redis>
+REDIS_PASSWORD=<generate_a_strong_password_for_redis>
+
+# --- WhatsApp (WAHA) Credentials (for WAHA Service) ---
+# These are used by the WAHA container for WhatsApp integration.
+WAHA_API_KEY=admin
+WAHA_DASHBOARD_USERNAME=admin
+WAHA_DASHBOARD_PASSWORD=admin

src/client/.env.selfhost.template

@@ -8,29 +8,28 @@ NEXT_PUBLIC_ENVIRONMENT=selfhost
 NEXT_PUBLIC_APP_SERVER_URL=http://localhost:5000
 
 # The internal URL for the backend server, used for server-to-server communication inside Docker.
-INTERNAL_APP_SERVER_URL=http://server:80
-
-# The internal URL for this client, used for server-side self-requests within Docker.
-INTERNAL_CLIENT_URL=http://client:3000
+# This is passed at build time and used by the Next.js server part of the client.
+INTERNAL_APP_SERVER_URL=http://server:80 # Must match the root .env
 
 # The public-facing base URL of the client application.
 APP_BASE_URL=http://localhost:3000
+NEXT_PUBLIC_APP_BASE_URL=http://localhost:3000
 
 # The static token for authenticating with the backend.
 # This MUST match the `SELF_HOST_AUTH_SECRET` in the server's .env.selfhost file.
-SELF_HOST_AUTH_TOKEN=<use_the_same_strong_secret_as_in_the_root_env>
+SELF_HOST_AUTH_TOKEN=<use_the_same_strong_secret_as_in_src/.env>
 
 # --- Database (for Server Actions) ---
 # This is the internal URI for the MongoDB service within Docker.
 # It MUST include the credentials defined in the root .env file.
-MONGO_URI=mongodb://<user_from_root_env>:<pass_from_root_env>@mongodb:27017/
-MONGO_DB_NAME=sentient_selfhost_db
+MONGO_URI=mongodb://test:<pass_from_src/.env>@mongodb:27017/
+MONGO_DB_NAME=development
 
 # Auth0 variables are not used in selfhost mode, but are kept here
 # to avoid breaking any code that might reference them before a check.
 # The build process requires them to be present in some form.
 AUTH0_SECRET=""
-AUTH0_BASE_URL="http://localhost:3000"
+APP_BASE_URL="http://localhost:3000"
 AUTH0_ISSUER_BASE_URL=""
 AUTH0_CLIENT_ID=""
 AUTH0_CLIENT_SECRET=""
@@ -41,7 +40,8 @@ AUTH0_SCOPE=""
 # If you want to enable product analytics, provide your PostHog project key.
 NEXT_PUBLIC_POSTHOG_KEY=
 # If using a self-hosted PostHog instance, provide the host URL. Otherwise, leave it empty to default to PostHog's US cloud.
-NEXT_PUBLIC_POSTHOG_HOST=
+NEXT_PUBLIC_POSTHOG_HOST= # e.g. https://us.i.posthog.com
+
 # --- PWA Push Notifications (Optional) ---
 # Generate VAPID keys using `npx web-push generate-vapid-keys` and add the public key here.
 # The private key is also needed here for Next.js Server Actions.

src/client/.env.template

@@ -3,29 +3,38 @@
 # For self-hosting, set NEXT_PUBLIC_ENVIRONMENT to selfhost and provide a secure token.
 NEXT_PUBLIC_ENVIRONMENT="AUTH0" # Can be "AUTH0" or "selfhost"
 SELF_HOST_AUTH_TOKEN="" # Must match SELF_HOST_AUTH_SECRET on the server if using selfhost mode
+APP_BASE_URL="http://localhost:3000" # The base URL of your Next.js app, where it's running
+NEXT_PUBLIC_APP_BASE_URL="http://localhost:3000" # The base URL of your Next.js app, where it's running
+NEXT_PUBLIC_APP_SERVER_URL="http://localhost:5000"
+NEXT_PUBLIC_AUTH0_NAMESPACE="https://existence.sentient/auth0"
 
-NEXT_PUBLIC_APP_SERVER_URL=
+# URL for the landing page/dashboard for billing and account management
+NEXT_PUBLIC_LANDING_PAGE_URL="http://localhost:3002"
+
+# --- Auth0 ---
 AUTH0_SECRET=
-APP_BASE_URL="http://localhost:3000"
 AUTH0_ISSUER_BASE_URL="" # Your Auth0 domain with protocol, e.g. "https://YOUR_TENANT.us.auth0.com"
 AUTH0_CLIENT_ID=
 AUTH0_DOMAIN=
 AUTH0_CLIENT_SECRET=
 AUTH0_AUDIENCE=
-AUTH0_SCOPE='openid profile email offline_access read:profile write:profile read:tasks write:tasks read:notifications read:config write:config admin:user_metadata read:contacts write:contacts'
+AUTH0_SCOPE="openid profile email offline_access read:chat write:chat read:profile write:profile manage:google_auth read:memory write:memory read:tasks write:tasks read:notifications write:notifications read:config write:config admin:user_metadata read:journal write:journal read:contacts write:contacts"
 
-# --- Database (for Server Actions) ---
-# The full connection string for your MongoDB Atlas cluster.
-MONGO_URI=
-MONGO_DB_NAME=
+# --- Database ---
+# IMPORTANT: If your password contains special characters like '@', ':', '/', or '+', you MUST URL-encode them.
+# Example: 'my@password' should become 'my%40password'.
+MONGO_URI=mongodb://localhost:27017/
+MONGO_DB_NAME=development
 
 # --- Analytics (Optional) ---
 # If you want to enable product analytics, provide your PostHog project key.
 NEXT_PUBLIC_POSTHOG_KEY=
 # If using a self-hosted PostHog instance, provide the host URL. Otherwise, leave it empty to default to PostHog's US cloud.
 NEXT_PUBLIC_POSTHOG_HOST=
+
 # --- PWA Push Notifications (Optional) ---
-# Generate VAPID keys using `npx web-push generate-vapid-keys`.
+# Generate VAPID keys using `npx web-push generate-vapid-keys` and add the public key here.
+# This MUST match the public key derived from VAPID_PRIVATE_KEY in the server's .env.
 NEXT_PUBLIC_VAPID_PUBLIC_KEY=
 VAPID_PRIVATE_KEY=
 VAPID_ADMIN_EMAIL=mailto:your-email@example.com

src/client/Dockerfile

@@ -9,8 +9,6 @@ ENV NODE_ENV=production
 
 # ---- MODIFIED SECTION ----
 # Declare all build-time arguments that your application needs.
-# Anything prefixed with NEXT_PUBLIC_ is needed for the client-side bundle.
-# Others are needed for server-side logic during the build (if any).
 ARG NEXT_PUBLIC_APP_SERVER_URL
 ARG AUTH0_SECRET
 ARG INTERNAL_APP_SERVER_URL
@@ -29,6 +27,8 @@ ARG VAPID_PRIVATE_KEY
 ARG VAPID_ADMIN_EMAIL
 ARG NEXT_PUBLIC_POSTHOG_KEY
 ARG NEXT_PUBLIC_POSTHOG_HOST
+ARG NEXT_PUBLIC_AUTH0_NAMESPACE
+ARG NEXT_PUBLIC_LANDING_PAGE_URL
 ARG NEXT_PUBLIC_VAPID_PUBLIC_KEY
 
 # Set them as environment variables for the build process
@@ -50,6 +50,8 @@ ENV MONGO_URI=$MONGO_URI
 ENV MONGO_DB_NAME=$MONGO_DB_NAME
 ENV NEXT_PUBLIC_POSTHOG_KEY=$NEXT_PUBLIC_POSTHOG_KEY
 ENV NEXT_PUBLIC_POSTHOG_HOST=$NEXT_PUBLIC_POSTHOG_HOST
+ENV NEXT_PUBLIC_AUTH0_NAMESPACE=$NEXT_PUBLIC_AUTH0_NAMESPACE
+ENV NEXT_PUBLIC_LANDING_PAGE_URL=$NEXT_PUBLIC_LANDING_PAGE_URL
 ENV NEXT_PUBLIC_VAPID_PUBLIC_KEY=$NEXT_PUBLIC_VAPID_PUBLIC_KEY
 # --------------------------
 
@@ -61,7 +63,6 @@ RUN npm ci
 COPY . .
 
 # Build the Next.js application for production
-# This command will now have access to all the ENV vars
 RUN npm run build
 
 

src/client/app/api/auth/refresh-session/route.js

@@ -0,0 +1,42 @@
+import { NextResponse } from "next/server"
+import { auth0 } from "@lib/auth0"
+
+// This route is only for Auth0 environments
+export async function GET(request) {
+	if (process.env.NEXT_PUBLIC_ENVIRONMENT === "selfhost") {
+		return NextResponse.json({
+			status: "ok",
+			message: "Self-host mode, no refresh needed."
+		})
+	}
+
+	const res = new NextResponse()
+
+	try {
+		const session = await auth0.getSession(request, res)
+		if (!session) {
+			return NextResponse.json(
+				{ error: "No session found" },
+				{ status: 401 }
+			)
+		}
+
+		// Force a token refresh to get new claims (like roles)
+		await auth0.getAccessToken(request, res, {
+			refresh: true
+		})
+
+		// The new session cookie is now on the `res` object.
+		// Return a success response with the new headers.
+		return NextResponse.json(
+			{ status: "ok" },
+			{ status: 200, headers: res.headers }
+		)
+	} catch (error) {
+		console.error("Error refreshing session in main app:", error.message)
+		return NextResponse.json(
+			{ error: "Failed to refresh session" },
+			{ status: 500 }
+		)
+	}
+}

src/client/app/api/chat/history/route.js

@@ -20,14 +20,21 @@ export const GET = withAuth(async function GET(request, { authHeader }) {
 	try {
 		const response = await fetch(backendUrl.toString(), {
 			method: "GET",
-			headers: { "Content-Type": "application/json", ...authHeader }
+			headers: { "Content-Type": "application/json", ...authHeader },
+			// Prevent Next.js server-side caching of this fetch
+			cache: "no-store"
 		})
 
 		const data = await response.json()
 		if (!response.ok) {
 			throw new Error(data.detail || "Failed to fetch chat history")
 		}
-		return NextResponse.json(data)
+		// Add cache-control headers to prevent browser caching of history
+		return NextResponse.json(data, {
+			headers: {
+				"Cache-Control": "no-store, max-age=0"
+			}
+		})
 	} catch (error) {
 		console.error("API Error in /chat/history:", error)
 		return NextResponse.json({ error: error.message }, { status: 500 })

src/client/app/api/chat/message/route.js

@@ -36,20 +36,20 @@ export const POST = withAuth(async function POST(request, { authHeader }) {
 		})
 
 		if (!backendResponse.ok) {
-			const errorText = await backendResponse.text()
-			let errorMessage
+			const errorText = await backendResponse
+				.text()
+				.catch(() => "Unknown backend error")
+			let errorJson = {}
 			try {
-				const errorJson = JSON.parse(errorText)
-				errorMessage =
-					errorJson.detail ||
-					errorJson.message ||
-					"Backend chat endpoint failed"
+				errorJson = JSON.parse(errorText)
 			} catch (e) {
-				errorMessage =
-					errorText ||
-					`Backend chat endpoint failed with status ${backendResponse.status}`
+				// Not a JSON error, use the raw text
 			}
-			throw new Error(errorMessage)
+			// Return the error from the backend with its original status code
+			return NextResponse.json(
+				{ detail: errorJson.detail || errorText },
+				{ status: backendResponse.status }
+			)
 		}
 
 		// Return the streaming response directly to the client
@@ -67,7 +67,7 @@ export const POST = withAuth(async function POST(request, { authHeader }) {
 	} catch (error) {
 		console.error("API Error in /chat/message:", error)
 		return NextResponse.json(
-			{ message: "Internal Server Error", error: error.message },
+			{ detail: "Internal Server Error", error: error.message },
 			{ status: 500 }
 		)
 	}

src/client/app/api/files/upload/route.js

@@ -25,14 +25,17 @@ export const POST = withAuth(async function POST(request, { authHeader }) {
 		const data = await backendResponse.json()
 
 		if (!backendResponse.ok) {
-			throw new Error(data.detail || "Failed to upload file")
+			return NextResponse.json(
+				{ error: data.detail || "Failed to upload file" },
+				{ status: backendResponse.status }
+			)
 		}
 
 		return NextResponse.json(data)
 	} catch (error) {
 		console.error("API Error in /files/upload:", error)
 		return NextResponse.json(
-			{ message: "Internal Server Error", error: error.message },
+			{ error: "Internal Server Error", details: error.message },
 			{ status: 500 }
 		)
 	}

src/client/app/api/integrations/connected/route.js

@@ -12,7 +12,8 @@ export const GET = withAuth(async function GET(request, { authHeader }) {
 		// This reuses the same backend endpoint but we will filter on the client
 		const response = await fetch(`${appServerUrl}/integrations/sources`, {
 			method: "GET",
-			headers: { "Content-Type": "application/json", ...authHeader }
+			headers: { "Content-Type": "application/json", ...authHeader },
+			cache: "no-store" // Prevent Next.js from caching this server-side fetch
 		})
 
 		const data = await response.json()