fix: updates for self-hosting

Author: itsskofficial

src/.env.selfhost.template

@@ -1,44 +1,43 @@
 # Root environment variables for docker-compose.selfhost.yaml
 # Copy this file to .env in the same directory (src/.env) and fill in the values.
 
-# --- Client (Frontend) Variables ---
-# The public-facing URL of your client application.
-# [BUILD-TIME & RUNTIME] Crucial for OAuth redirects and server-side requests.
+# --- Public URLs ---
+# These are the URLs that users will use in their browser to access the application.
+# For a standard local setup, these defaults are correct.
+# If you expose this on the internet, change localhost to your domain.
 APP_BASE_URL=http://localhost:3000
 NEXT_PUBLIC_APP_BASE_URL=http://localhost:3000
-
-# The URL where the backend server will be accessible from the user's browser
-# [BUILD-TIME & RUNTIME] Used by the client to make API calls.
 NEXT_PUBLIC_APP_SERVER_URL=http://localhost:5000
 
-# The internal URL for the backend server, used for server-to-server communication inside Docker.
-# [BUILD-TIME & RUNTIME] Used by the client's Next.js server to talk to the backend server.
+# --- Internal Docker URLs ---
+# These are for container-to-container communication and should not be changed.
 INTERNAL_APP_SERVER_URL=http://server:80
-
-# The internal URL for the client container, used for server-side self-requests
-# [BUILD-TIME & RUNTIME] Used for OAuth callbacks within the Docker network.
 INTERNAL_CLIENT_URL=http://client:3000
 
-# The mode to run the application in
-# [BUILD-TIME & RUNTIME] Switches between Auth0 and self-host auth mode.
+# --- Authentication ---
+# Sets the application to run in self-hosted mode. Do not change.
 NEXT_PUBLIC_ENVIRONMENT=selfhost
-
-# [BUILD-TIME & RUNTIME] A long, random, secret string. It must match SELF_HOST_AUTH_SECRET in server/.env.selfhost.template
+# A long, random, secret string that acts as your master password for the app.
+# It must be the same in all three .env files where it appears.
+# Generate a strong secret here (e.g., using a password manager or `openssl rand -hex 32`).
 SELF_HOST_AUTH_TOKEN=<generate_a_strong_secret_here>
 
 # --- Server (Backend) Build-Time Variables ---
 # [BUILD-TIME] Set OPENAI_API_KEY to "ollama" to install Ollama in the server container.
-# Otherwise, provide your key for a remote service.
+# This allows you to run a local LLM without needing an external API key for chat.
+# To use a remote service (like OpenAI or another provider via LiteLLM), provide your key here.
 OPENAI_API_KEY=ollama
-# [BUILD-TIME] The model to pull if Ollama is being installed. This should match the model in the server's Modelfile.
+# [BUILD-TIME] The model to pull if Ollama is being installed. This should match the model
+# in the server's Modelfile and the OPENAI_MODEL_NAME in server/.env.selfhost.
 OPENAI_MODEL_NAME=qwen3:4b
 
-# --- Gemini API Key (for Server - Memory MCP & optional LiteLLM) ---
-# [RUNTIME] Required for memory embeddings and can be used for chat via LiteLLM.
+# --- Gemini API Key (for Server - Memory & optional LiteLLM) ---
+# [RUNTIME] Required for memory embeddings and can be used for chat via the LiteLLM proxy.
+# Get this from Google AI Studio.
 GEMINI_API_KEY=<your-gemini-api-key>
 
 # --- MongoDB Credentials (for Server) ---
-MONGO_USER=test
+MONGO_USER=sentient
 MONGO_PASS=<generate_a_strong_password_for_mongo>
 
 # --- PostgreSQL Credentials (for Server - Memory MCP) ---
@@ -51,6 +50,7 @@ REDIS_PASSWORD=<generate_a_strong_password_for_redis>
 
 # --- WhatsApp (WAHA) Credentials (for WAHA Service) ---
 # These are used by the WAHA container for WhatsApp integration.
+# You can leave these as default for a local setup.
 WAHA_API_KEY=admin
 WAHA_DASHBOARD_USERNAME=admin
 WAHA_DASHBOARD_PASSWORD=admin

src/client/.env.selfhost.template

@@ -9,27 +9,28 @@ NEXT_PUBLIC_APP_SERVER_URL=http://localhost:5000
 
 # The internal URL for the backend server, used for server-to-server communication inside Docker.
 # This is passed at build time and used by the Next.js server part of the client.
-INTERNAL_APP_SERVER_URL=http://server:80 # Must match the root .env
+# It MUST match INTERNAL_APP_SERVER_URL in the root src/.env file.
+INTERNAL_APP_SERVER_URL=http://server:80
 
 # The public-facing base URL of the client application.
+# These MUST match the corresponding variables in the root src/.env file.
 APP_BASE_URL=http://localhost:3000
 NEXT_PUBLIC_APP_BASE_URL=http://localhost:3000
 
 # The static token for authenticating with the backend.
-# This MUST match the `SELF_HOST_AUTH_SECRET` in the server's .env.selfhost file.
+# This MUST match the `SELF_HOST_AUTH_TOKEN` in the root src/.env file.
 SELF_HOST_AUTH_TOKEN=<use_the_same_strong_secret_as_in_src/.env>
 
 # --- Database (for Server Actions) ---
 # This is the internal URI for the MongoDB service within Docker.
 # It MUST include the credentials defined in the root .env file.
-MONGO_URI=mongodb://test:<pass_from_src/.env>@mongodb:27017/
-MONGO_DB_NAME=development
+MONGO_URI=mongodb://sentient:<pass_from_src/.env>@mongodb:27017/
+MONGO_DB_NAME=sentient_selfhost_db
 
 # Auth0 variables are not used in selfhost mode, but are kept here
 # to avoid breaking any code that might reference them before a check.
 # The build process requires them to be present in some form.
 AUTH0_SECRET=""
-APP_BASE_URL="http://localhost:3000"
 AUTH0_ISSUER_BASE_URL=""
 AUTH0_CLIENT_ID=""
 AUTH0_CLIENT_SECRET=""

src/client/components/LayoutWrapper.js

@@ -550,6 +550,7 @@ export default function LayoutWrapper({ children }) {
 	const [isSearchOpen, setSearchOpen] = useState(false)
 	const [isMobileNavOpen, setMobileNavOpen] = useState(false)
 	const [unreadCount, setUnreadCount] = useState(0)
+	const [user, setUser] = useState(null) // Unified user state
 	const [notifRefreshKey, setNotifRefreshKey] = useState(0)
 	const [userDetails, setUserDetails] = useState(null)
 	const wsRef = useRef(null)
@@ -566,7 +567,7 @@ export default function LayoutWrapper({ children }) {
 		isHighlightPaused: false
 	})
 	const chatActionsRef = useRef(null)
-	const pathname = usePathname()
+	const pathname = usePathname() // eslint-disable-line
 	const router = useRouter()
 
 	const skipTour = useCallback(() => {
@@ -820,7 +821,11 @@ export default function LayoutWrapper({ children }) {
 		}
 	]
 
-	const { user, error: authError, isLoading: isAuthLoading } = useUser()
+	const {
+		user: auth0User,
+		error: authError,
+		isLoading: isAuthLoading
+	} = useUser()
 
 	const [isLoading, setIsLoading] = useState(true)
 	const [isAllowed, setIsAllowed] = useState(false)
@@ -912,10 +917,10 @@ export default function LayoutWrapper({ children }) {
 	const showNav = !["/", "/onboarding"].includes(pathname)
 
 	useEffect(() => {
-		if (user && posthog) {
-			posthog.identify(user.sub, {
-				name: user.name,
-				email: user.email
+		if (auth0User && posthog) {
+			posthog.identify(auth0User.sub, {
+				name: auth0User.name,
+				email: auth0User.email
 			})
 
 			// --- NEW: Fetch custom properties and set PostHog groups ---
@@ -967,7 +972,7 @@ export default function LayoutWrapper({ children }) {
 			fetchAndSetUserGroups()
 			// --- END NEW ---
 		}
-	}, [user, posthog])
+	}, [auth0User, posthog])
 
 	useEffect(() => {
 		const paymentStatus = searchParams.get("payment_status")
@@ -1031,39 +1036,55 @@ export default function LayoutWrapper({ children }) {
 			return
 		}
 
-		if (isAuthLoading) return
+		const checkStatus = async () => {
+			// --- SELF-HOST AUTH LOGIC ---
+			if (process.env.NEXT_PUBLIC_ENVIRONMENT === "selfhost") {
+				try {
+					const res = await fetch("/api/user/profile")
+					if (res.ok) {
+						const selfHostUser = await res.json()
+						setUser(selfHostUser) // Set the unified user state
+						setIsAllowed(true)
+					} else {
+						throw new Error(
+							"Failed to fetch self-host user profile."
+						)
+					}
+				} catch (error) {
+					toast.error(error.message)
+					setIsAllowed(false)
+				} finally {
+					setIsLoading(false)
+				}
+				return
+			}
 
-		if (authError) {
-			toast.error("Session error. Redirecting to login.", {
-				id: "auth-error"
-			})
-			router.push("/auth/login")
-			return
-		}
+			// --- AUTH0 AUTH LOGIC ---
+			if (isAuthLoading) return
 
-		if (!user) {
-			// This handles the case where the user logs out.
-			router.push("/auth/login")
-			return
-		}
+			if (authError) {
+				toast.error(
+					`Session error: ${authError.message}. Redirecting to login.`,
+					{ id: "auth-error" }
+				)
+				router.push("/api/auth/login")
+				return
+			}
+
+			if (!auth0User) {
+				router.push("/api/auth/login")
+				return
+			}
+
+			setUser(auth0User) // Set the unified user state
 
-		const checkStatus = async () => {
-			// No need to set isLoading(true) here, it's already true by default.
 			try {
 				const res = await fetch("/api/user/data", { method: "POST" })
 				if (!res.ok) throw new Error("Could not verify user status.")
 				const result = await res.json()
-				const data = result?.data || {}
-
-				const onboardingComplete = data.onboardingComplete
-
-				if (!onboardingComplete) {
-					toast.error("Please complete onboarding first.", {
-						id: "onboarding-check"
-					})
+				if (!result?.data?.onboardingComplete) {
 					router.push("/onboarding")
 				} else {
-					// User is fully onboarded and profile is complete.
 					setIsAllowed(true)
 				}
 			} catch (error) {
@@ -1075,7 +1096,7 @@ export default function LayoutWrapper({ children }) {
 		}
 
 		checkStatus()
-	}, [pathname, router, showNav, user, authError, isAuthLoading]) // Reruns on navigation
+	}, [showNav, auth0User, isAuthLoading, authError, router])
 
 	const handleNotificationsOpen = useCallback(() => {
 		setNotificationsOpen(true)
@@ -1294,8 +1315,8 @@ export default function LayoutWrapper({ children }) {
 	}, [])
 
 	useEffect(() => {
-		if (showNav && userDetails?.sub) subscribeToPushNotifications()
-	}, [showNav, userDetails, subscribeToPushNotifications])
+		if (showNav && user?.sub) subscribeToPushNotifications()
+	}, [showNav, user, subscribeToPushNotifications])
 
 	// Define shortcuts after all their callback dependencies are defined
 	useGlobalShortcuts(
@@ -1325,14 +1346,14 @@ export default function LayoutWrapper({ children }) {
 		<PlanContext.Provider
 			value={{
 				plan: (
-					user?.[
+					auth0User?.[
 						`${process.env.NEXT_PUBLIC_AUTH0_NAMESPACE}/roles`
 					] || []
 				).includes("Pro")
 					? "pro"
 					: "free",
 				isPro: (
-					user?.[
+					auth0User?.[
 						`${process.env.NEXT_PUBLIC_AUTH0_NAMESPACE}/roles`
 					] || []
 				).includes("Pro"),

src/docker-compose.selfhost.yml

@@ -102,7 +102,7 @@ services:
 
     # WAHA (WhatsApp HTTP API) Service
     waha:
-        image: itsskofficial/waha-multisession
+        image: devlikeapro/waha
         container_name: sentient-waha-selfhost
         restart: unless-stopped
         volumes: