Merge branch 'staging'

Author: Kabeer2004

.gitignore

@@ -269,4 +269,5 @@ waha.sqlite3
 waha.sqlite3-shm
 waha.sqlite3-wal
 sentient_files/
-linkedin_cookies.json
+linkedin_cookies.json
+audio_debug_logs/

src/.env.selfhost.template

@@ -1,44 +1,43 @@
 # Root environment variables for docker-compose.selfhost.yaml
 # Copy this file to .env in the same directory (src/.env) and fill in the values.
 
-# --- Client (Frontend) Variables ---
-# The public-facing URL of your client application.
-# [BUILD-TIME & RUNTIME] Crucial for OAuth redirects and server-side requests.
+# --- Public URLs ---
+# These are the URLs that users will use in their browser to access the application.
+# For a standard local setup, these defaults are correct.
+# If you expose this on the internet, change localhost to your domain.
 APP_BASE_URL=http://localhost:3000
 NEXT_PUBLIC_APP_BASE_URL=http://localhost:3000
-
-# The URL where the backend server will be accessible from the user's browser
-# [BUILD-TIME & RUNTIME] Used by the client to make API calls.
 NEXT_PUBLIC_APP_SERVER_URL=http://localhost:5000
 
-# The internal URL for the backend server, used for server-to-server communication inside Docker.
-# [BUILD-TIME & RUNTIME] Used by the client's Next.js server to talk to the backend server.
+# --- Internal Docker URLs ---
+# These are for container-to-container communication and should not be changed.
 INTERNAL_APP_SERVER_URL=http://server:80
-
-# The internal URL for the client container, used for server-side self-requests
-# [BUILD-TIME & RUNTIME] Used for OAuth callbacks within the Docker network.
 INTERNAL_CLIENT_URL=http://client:3000
 
-# The mode to run the application in
-# [BUILD-TIME & RUNTIME] Switches between Auth0 and self-host auth mode.
+# --- Authentication ---
+# Sets the application to run in self-hosted mode. Do not change.
 NEXT_PUBLIC_ENVIRONMENT=selfhost
-
-# [BUILD-TIME & RUNTIME] A long, random, secret string. It must match SELF_HOST_AUTH_SECRET in server/.env.selfhost.template
+# A long, random, secret string that acts as your master password for the app.
+# It must be the same in all three .env files where it appears.
+# Generate a strong secret here (e.g., using a password manager or `openssl rand -hex 32`).
 SELF_HOST_AUTH_TOKEN=<generate_a_strong_secret_here>
 
 # --- Server (Backend) Build-Time Variables ---
 # [BUILD-TIME] Set OPENAI_API_KEY to "ollama" to install Ollama in the server container.
-# Otherwise, provide your key for a remote service.
+# This allows you to run a local LLM without needing an external API key for chat.
+# To use a remote service (like OpenAI or another provider via LiteLLM), provide your key here.
 OPENAI_API_KEY=ollama
-# [BUILD-TIME] The model to pull if Ollama is being installed. This should match the model in the server's Modelfile.
+# [BUILD-TIME] The model to pull if Ollama is being installed. This should match the model
+# in the server's Modelfile and the OPENAI_MODEL_NAME in server/.env.selfhost.
 OPENAI_MODEL_NAME=qwen3:4b
 
-# --- Gemini API Key (for Server - Memory MCP & optional LiteLLM) ---
-# [RUNTIME] Required for memory embeddings and can be used for chat via LiteLLM.
+# --- Gemini API Key (for Server - Memory & optional LiteLLM) ---
+# [RUNTIME] Required for memory embeddings and can be used for chat via the LiteLLM proxy.
+# Get this from Google AI Studio.
 GEMINI_API_KEY=<your-gemini-api-key>
 
 # --- MongoDB Credentials (for Server) ---
-MONGO_USER=test
+MONGO_USER=sentient
 MONGO_PASS=<generate_a_strong_password_for_mongo>
 
 # --- PostgreSQL Credentials (for Server - Memory MCP) ---
@@ -51,6 +50,7 @@ REDIS_PASSWORD=<generate_a_strong_password_for_redis>
 
 # --- WhatsApp (WAHA) Credentials (for WAHA Service) ---
 # These are used by the WAHA container for WhatsApp integration.
+# You can leave these as default for a local setup.
 WAHA_API_KEY=admin
 WAHA_DASHBOARD_USERNAME=admin
 WAHA_DASHBOARD_PASSWORD=admin

src/client/.env.selfhost.template

@@ -9,27 +9,28 @@ NEXT_PUBLIC_APP_SERVER_URL=http://localhost:5000
 
 # The internal URL for the backend server, used for server-to-server communication inside Docker.
 # This is passed at build time and used by the Next.js server part of the client.
-INTERNAL_APP_SERVER_URL=http://server:80 # Must match the root .env
+# It MUST match INTERNAL_APP_SERVER_URL in the root src/.env file.
+INTERNAL_APP_SERVER_URL=http://server:80
 
 # The public-facing base URL of the client application.
+# These MUST match the corresponding variables in the root src/.env file.
 APP_BASE_URL=http://localhost:3000
 NEXT_PUBLIC_APP_BASE_URL=http://localhost:3000
 
 # The static token for authenticating with the backend.
-# This MUST match the `SELF_HOST_AUTH_SECRET` in the server's .env.selfhost file.
+# This MUST match the `SELF_HOST_AUTH_TOKEN` in the root src/.env file.
 SELF_HOST_AUTH_TOKEN=<use_the_same_strong_secret_as_in_src/.env>
 
 # --- Database (for Server Actions) ---
 # This is the internal URI for the MongoDB service within Docker.
 # It MUST include the credentials defined in the root .env file.
-MONGO_URI=mongodb://test:<pass_from_src/.env>@mongodb:27017/
-MONGO_DB_NAME=development
+MONGO_URI=mongodb://sentient:<pass_from_src/.env>@mongodb:27017/
+MONGO_DB_NAME=sentient_selfhost_db
 
 # Auth0 variables are not used in selfhost mode, but are kept here
 # to avoid breaking any code that might reference them before a check.
 # The build process requires them to be present in some form.
 AUTH0_SECRET=""
-APP_BASE_URL="http://localhost:3000"
 AUTH0_ISSUER_BASE_URL=""
 AUTH0_CLIENT_ID=""
 AUTH0_CLIENT_SECRET=""

src/client/app/actions.js

@@ -68,7 +68,6 @@ export async function subscribeUser(subscription) {
 			{ upsert: true }
 		)
 
-		console.log(`[Actions] Subscription saved for user: ${userId}`)
 		return { success: true }
 	} catch (error) {
 		console.error("[Actions] Error saving subscription:", error)
@@ -95,9 +94,6 @@ export async function unsubscribeUser(endpoint) {
 			{ $pull: { "userData.pwa_subscriptions": { endpoint: endpoint } } }
 		)
 
-		console.log(
-			`[Actions] Subscription with endpoint ${endpoint} removed for user: ${userId}`
-		)
 		return { success: true }
 	} catch (error) {
 		console.error("[Actions] Error removing subscription:", error)
@@ -144,9 +140,6 @@ export async function sendNotificationToCurrentUser(payload) {
 			!Array.isArray(subscriptions) ||
 			subscriptions.length === 0
 		) {
-			console.log(
-				`[Actions] No push subscription found for user ${userId}.`
-			)
 			return { success: false, error: "No subscription found for user." }
 		}
 
@@ -156,9 +149,6 @@ export async function sendNotificationToCurrentUser(payload) {
 				.sendNotification(subscription, JSON.stringify(payload))
 				.then(() => {
 					successCount++
-					console.log(
-						`[Actions] Push notification sent successfully to endpoint for user ${userId}.`
-					)
 				})
 				.catch(async (error) => {
 					console.error(

src/client/app/api/auth/refresh-session/route.js

@@ -4,10 +4,15 @@ import { auth0 } from "@lib/auth0"
 // This route is only for Auth0 environments
 export async function GET(request) {
 	if (process.env.NEXT_PUBLIC_ENVIRONMENT === "selfhost") {
-		return NextResponse.json({
-			status: "ok",
-			message: "Self-host mode, no refresh needed."
-		})
+		return NextResponse.json(
+			{
+				status: "ok",
+				message: "Self-host mode, no refresh needed."
+			},
+			{
+				headers: { "Cache-Control": "no-store, max-age=0" }
+			}
+		)
 	}
 
 	const res = new NextResponse()
@@ -26,11 +31,13 @@ export async function GET(request) {
 			refresh: true
 		})
 
+		const newHeaders = new Headers(res.headers)
+		newHeaders.set("Cache-Control", "no-store, max-age=0")
 		// The new session cookie is now on the `res` object.
 		// Return a success response with the new headers.
 		return NextResponse.json(
 			{ status: "ok" },
-			{ status: 200, headers: res.headers }
+			{ status: 200, headers: newHeaders }
 		)
 	} catch (error) {
 		console.error("Error refreshing session in main app:", error.message)

src/client/app/api/auth/token/route.js

@@ -15,7 +15,12 @@ export async function GET() {
 				{ status: 500 }
 			)
 		}
-		return NextResponse.json({ accessToken: token })
+		return NextResponse.json(
+			{ accessToken: token },
+			{
+				headers: { "Cache-Control": "no-store, max-age=0" }
+			}
+		)
 	}
 	try {
 		const tokenResult = await auth0.getAccessToken()
@@ -27,9 +32,23 @@ export async function GET() {
 				{ status: 401 }
 			)
 		}
-		return NextResponse.json({ accessToken: token })
+		return NextResponse.json(
+			{ accessToken: token },
+			{
+				headers: { "Cache-Control": "no-store, max-age=0" }
+			}
+		)
 	} catch (error) {
 		console.error("Error in /api/auth/token:", error)
+		// If the error is specifically because of a missing session,
+		// return a 401 Unauthorized status, which is more appropriate
+		// and allows the client to handle it by redirecting to login.
+		if (error.code === "missing_session") {
+			return NextResponse.json(
+				{ message: error.message },
+				{ status: 401 }
+			)
+		}
 		return NextResponse.json(
 			{ message: "Internal Server Error", error: error.message },
 			{ status: 500 }

src/client/app/api/chat/message/route.js

@@ -6,6 +6,16 @@ const appServerUrl =
 		? process.env.INTERNAL_APP_SERVER_URL
 		: process.env.NEXT_PUBLIC_APP_SERVER_URL
 
+// Increase the body size limit for this specific route to handle large chat histories.
+// The default is 4MB, which can be exceeded if the context window includes large messages.
+export const config = {
+	api: {
+		bodyParser: {
+			sizeLimit: "10mb" // Set to match the Nginx limit
+		}
+	}
+}
+
 export const POST = withAuth(async function POST(request, { authHeader }) {
 	try {
 		const { messages } = await request.json()

src/client/app/api/files/download/[...filename]/route.js

@@ -53,7 +53,8 @@ export const GET = withAuth(async function GET(
 			status: 200,
 			headers: {
 				"Content-Type": "application/octet-stream",
-				"Content-Disposition": `attachment; filename="${filename}"`
+				"Content-Disposition": `attachment; filename="${filename}"`,
+				"Cache-Control": "no-store, max-age=0"
 			}
 		})
 	} catch (error) {

src/client/app/api/files/list/route.js

@@ -17,7 +17,9 @@ export const GET = withAuth(async function GET(request, { authHeader }) {
 		if (!response.ok) {
 			throw new Error(data.detail || "Failed to list files")
 		}
-		return NextResponse.json(data)
+		return NextResponse.json(data, {
+			headers: { "Cache-Control": "no-store, max-age=0" }
+		})
 	} catch (error) {
 		console.error("API Error in /files/list:", error)
 		return NextResponse.json({ error: error.message }, { status: 500 })

src/client/app/api/integrations/connected/route.js

@@ -20,7 +20,9 @@ export const GET = withAuth(async function GET(request, { authHeader }) {
 		if (!response.ok) {
 			throw new Error(data.detail || "Failed to fetch integrations")
 		}
-		return NextResponse.json(data)
+		return NextResponse.json(data, {
+			headers: { "Cache-Control": "no-store, max-age=0" }
+		})
 	} catch (error) {
 		console.error("API Error in /integrations/connected:", error)
 		return NextResponse.json({ error: error.message }, { status: 500 })