From f46f4dd552d9497f60ca78a159cef70579dd929c Mon Sep 17 00:00:00 2001
From: WhiteX <arpad.szucs@gmail.com>
Date: Sat, 14 Jun 2025 10:18:11 +0300
Subject: [PATCH] feat: remove domain isolation scripts and related components
 for cleanup

---
 Dockerfile_coolify                         | 147 ++++++++++-----------
 apps/web/components/Avatar/SafeAvatar.tsx  |  60 ---------
 apps/web/middleware.js                     |  72 ----------
 apps/web/pages/_document.js                |  22 ---
 apps/web/public/api-response-sanitizer.js  |  94 -------------
 apps/web/public/domain-isolation-loader.js |  82 ------------
 apps/web/tsconfig.build.json               |  19 ---
 apps/web/utils/apiClient.js                |  59 ---------
 apps/web/utils/runtimeConfig.js            |  52 --------
 extra/api-interceptor.js                   |  97 --------------
 extra/api-response-sanitizer.js            |  93 -------------
 extra/domain-isolation-loader.js           |  82 ------------
 extra/runtime-config-start.sh              |  31 -----
 13 files changed, 73 insertions(+), 837 deletions(-)
 delete mode 100644 apps/web/components/Avatar/SafeAvatar.tsx
 delete mode 100644 apps/web/middleware.js
 delete mode 100644 apps/web/pages/_document.js
 delete mode 100644 apps/web/public/api-response-sanitizer.js
 delete mode 100644 apps/web/public/domain-isolation-loader.js
 delete mode 100644 apps/web/tsconfig.build.json
 delete mode 100644 apps/web/utils/apiClient.js
 delete mode 100644 apps/web/utils/runtimeConfig.js
 delete mode 100644 extra/api-interceptor.js
 delete mode 100644 extra/api-response-sanitizer.js
 delete mode 100644 extra/domain-isolation-loader.js
 delete mode 100755 extra/runtime-config-start.sh

diff --git a/Dockerfile_coolify b/Dockerfile_coolify
index 4c300d9a..5116dcf5 100644
--- a/Dockerfile_coolify
+++ b/Dockerfile_coolify
@@ -13,8 +13,41 @@ RUN curl -fsSL https://deb.nodesource.com/setup_21.x | bash - \
     && npm install -g corepack pm2
 
 # Frontend Build
-FROM base AS deps
+FROM base AS builder
 
+WORKDIR /app/web
+
+# Install dependencies based on the preferred package manager
+COPY ./apps/web/package.json ./apps/web/pnpm-lock.yaml* ./apps/web/.npmrc* ./
+# Omit --production flag for TypeScript devDependencies
+RUN \
+  if [ -f pnpm-lock.yaml ]; then corepack enable pnpm && pnpm i --frozen-lockfile; \
+  elif [ -f package-lock.json ]; then npm ci; \
+  else echo "Warning: Lockfile not found. It is recommended to commit lockfiles to version control." && npm install; \
+  fi
+
+COPY ./apps/web/app ./app
+COPY ./apps/web/components ./components
+COPY ./apps/web/hooks ./hooks
+COPY ./apps/web/lib ./lib
+COPY ./apps/web/pages ./pages
+COPY ./apps/web/public ./public
+COPY ./apps/web/services ./services
+COPY ./apps/web/styles ./styles
+COPY ./apps/web/types ./types
+COPY ./apps/web/utils ./utils
+COPY ./apps/web/next.config.js .
+COPY ./apps/web/tsconfig.json .
+COPY ./apps/web/tailwind.config.js .
+COPY ./apps/web/postcss.config.js .
+COPY ./apps/web/components.json .
+COPY ./apps/web/middleware.ts .
+COPY ./apps/web/instrumentation.ts .
+
+# Remove any environment files that might interfere
+RUN rm -f .env*
+
+# Environment variables must be present at build time
 ARG NEXT_PUBLIC_LEARNHOUSE_API_URL
 ARG NEXT_PUBLIC_LEARNHOUSE_BACKEND_URL
 ARG NEXT_PUBLIC_LEARNHOUSE_DOMAIN
@@ -29,63 +62,16 @@ ENV NEXT_PUBLIC_LEARNHOUSE_DEFAULT_ORG=${NEXT_PUBLIC_LEARNHOUSE_DEFAULT_ORG}
 ENV NEXT_PUBLIC_LEARNHOUSE_MULTI_ORG=${NEXT_PUBLIC_LEARNHOUSE_MULTI_ORG}
 ENV NEXT_PUBLIC_LEARNHOUSE_TOP_DOMAIN=${NEXT_PUBLIC_LEARNHOUSE_TOP_DOMAIN}
 
-WORKDIR /app/web
-COPY ./apps/web/package.json ./apps/web/pnpm-lock.yaml* ./
-COPY ./extra/patch-typescript.sh /app/patch-typescript.sh
-COPY ./apps/web /app/web
-RUN rm -f .env*
+# Next.js collects completely anonymous telemetry data about general usage
+# Disable telemetry at build time
+ENV NEXT_TELEMETRY_DISABLED 1
 
-# Patch TypeScript issues using our comprehensive script
-RUN chmod +x /app/patch-typescript.sh && /app/patch-typescript.sh
-
-# Create a modified next.config.js that completely disables type checking
-RUN if [ -f next.config.js ]; then \
-      cat next.config.js > next.config.js.bak && \
-      echo "console.log('Using custom Next.js config with TypeScript checking disabled');" > next.config.js && \
-      echo "const originalConfig = require('./next.config.js.bak');" >> next.config.js && \
-      echo "module.exports = {" >> next.config.js && \
-      echo "  ...originalConfig," >> next.config.js && \
-      echo "  typescript: { ignoreBuildErrors: true }," >> next.config.js && \
-      echo "  eslint: { ignoreDuringBuilds: true }," >> next.config.js && \
-      echo "  webpack: (config, options) => {" >> next.config.js && \
-      echo "    config.infrastructureLogging = { level: 'error' };" >> next.config.js && \
-      echo "    if (originalConfig.webpack) {" >> next.config.js && \
-      echo "      return originalConfig.webpack(config, options);" >> next.config.js && \
-      echo "    }" >> next.config.js && \
-      echo "    return config;" >> next.config.js && \
-      echo "  }" >> next.config.js && \
-      echo "};" >> next.config.js; \
-    else \
-      echo "console.log('Creating new Next.js config with TypeScript checking disabled');" > next.config.js && \
-      echo "module.exports = {" >> next.config.js && \
-      echo "  typescript: { ignoreBuildErrors: true }," >> next.config.js && \
-      echo "  eslint: { ignoreDuringBuilds: true }," >> next.config.js && \
-      echo "  webpack: (config) => {" >> next.config.js && \
-      echo "    config.infrastructureLogging = { level: 'error' };" >> next.config.js && \
-      echo "    return config;" >> next.config.js && \
-      echo "  }" >> next.config.js && \
-      echo "};" >> next.config.js; \
-    fi
-
-# Allow build to continue with type errors
-RUN if [ -f pnpm-lock.yaml ]; then \
-      corepack enable pnpm && \
-      pnpm i --frozen-lockfile && \
-      pnpm add @types/react@latest @types/node@latest next-navigation@latest typescript@latest --save-dev && \
-      echo '{ "scripts": { "build:ignore-ts": "NEXT_TELEMETRY_DISABLED=1 SKIP_TYPE_CHECK=true TS_NODE_TRANSPILE_ONLY=true next build" } }' > .npmrc-scripts.json && \
-      pnpm pkg set scripts.build:ignore-ts="NEXT_TELEMETRY_DISABLED=1 SKIP_TYPE_CHECK=true TS_NODE_TRANSPILE_ONLY=true next build" && \
-      NODE_OPTIONS=--max-old-space-size=6144 NEXT_IGNORE_TYPE_ERROR=true SKIP_TYPE_CHECK=true TS_NODE_TRANSPILE_ONLY=true pnpm run build:ignore-ts; \
-    else echo "Lockfile not found." && exit 1; \
-    fi
-
-# Make sure the images directory exists in public folder with a placeholder avatar
-RUN mkdir -p /app/web/public/images && \
-    echo "iVBORw0KGgoAAAANSUhEUgAAADAAAAAwCAYAAABXAvmHAAAABmJLR0QA/wD/AP+gvaeTAAADc0lEQVRoge2ZS0hUURjHf2fGcSaViDSJoKKSoiAzaGE9VrXIjRZBm2hVRG2iB0SPVUW7IM0ehLWIdlYQQY+FipWZWj0siJ60ygiziGye8870cWfuPJ1774yO9v/g4pz7+L7z/b/vnnvuOQMtWrT4lxH/OkHQWlpfqdedlo5T49wl1V9eclXkSLCtXeGDNvL5AFwoaa0CXhX0Qdpup8L7ddeiFNlL9gJLbOMCuOWkPXfSGvFvLWlLgAceUwFccdIGnbRG/HuB0x66KcBxJ21RmbsGOA/oveTx75YjwJMKthFgk5N2DICTNiJ8tmnGNdc7acNeOW3jw062J/Cu2HAKmOmkDQggpXxnGy4A9rhpRw5vZBJQWrEYs1qclECn/ekuYIHLbsSN+0CldLZhvQtnaQ7uEVXXgRNSytlCyhe28XrgdgMmcUWpdJr/5CRErbQe2GQbv6CUej0+Pl5XDD/UXQMKdVhpx4AO4KpS6pVdJ6X8KIR4YhveAOxvyGyOKDUBwKuXFxXwAdghhLhn1wkh7hGsEVv9DF4pTsmIMnz6M3mAZUqpm1LKjN1HSvm8XC5fsY0vBY7OH2p0pGJMtwExgA3AGSnlErvO5/M9EkI8tw3vALY3alSVT8mINhznfSNm3wFb/g+0ULIGNQ3a7wZ6hRDdNl1BKbVfCPHWNn4A2Duz2cwCLUMa9GnB7/evklKuUEq9K5VK72dmZsrVtKVSaSkwB3gqhPjmdW4t0DIkzuQdWnGMrvMZdFQxNniMrgDvMrDdQXcAOBTFtypp6SsZkDMg40DGOMZ0+ON0A1uBJNAP9ETxbwhaNgETZkUlwLqI/o1By1YgbdRfBvZE9G8MWnYAl4z664DvX/AJA1qeNupHgb1R/BuDlgfR923AL8w7HImwA2vpNRq/MO9wJMIOLKRH4x4GOqP4NwYt0/b5Y8DhiP6NQcvzRv0VYF8U/8agZR+Qwpw/tkfxbwxa7gLOovn9wN4o/g1By7TZWag+hzQctHwe7T2EudJrCUJDy3NgqGVIg/4RsMUFeYeWwE2rDoxhLvMqbAeOT/fkzYGJsNORT4tn+HzAHvSHAe0I4W7ZMA5cLBaLw+l0Op/L5Ubz+fw787ex6bpbNLuUT6Ct7Z4QYgnQabQV0BMuhxDilVKqh/8gYLO02q92i/8sPwESO6wpKl0UfgAAAABJRU5ErkJggg==" | base64 -d > /app/web/public/images/empty_avatar.png
-
-# Copy domain isolation scripts to public directory
-COPY ./extra/api-interceptor.js /app/web/public/api-interceptor.js
-COPY ./extra/api-response-sanitizer.js /app/web/public/api-response-sanitizer.js
-COPY ./extra/domain-isolation-loader.js /app/web/public/domain-isolation-loader.js
+# Build Next.js based on the preferred package manager
+RUN \
+  if [ -f pnpm-lock.yaml ]; then pnpm build; \
+  elif [ -f package-lock.json ]; then npm run build; \
+  else npm run build; \
+  fi
 
 # Final image
 FROM base AS runner
@@ -93,20 +79,39 @@ RUN addgroup --system --gid 1001 system \
     && adduser --system --uid 1001 app \
     && mkdir .next \
     && chown app:system .next
-COPY --from=deps /app/web/public ./app/web/public
-COPY --from=deps --chown=app:system /app/web/.next/standalone ./app/web/
-COPY --from=deps --chown=app:system /app/web/.next/static ./app/web/.next/static
+
+COPY --from=builder /app/web/public ./app/web/public
+
+# Automatically leverage output traces to reduce image size
+# https://nextjs.org/docs/advanced-features/output-file-tracing  
+COPY --from=builder --chown=app:system /app/web/.next/standalone ./app/web/
+COPY --from=builder --chown=app:system /app/web/.next/static ./app/web/.next/static
+
+# Environment variables must be redefined at run time
+ARG NEXT_PUBLIC_LEARNHOUSE_API_URL
+ARG NEXT_PUBLIC_LEARNHOUSE_BACKEND_URL
+ARG NEXT_PUBLIC_LEARNHOUSE_DOMAIN
+ARG NEXT_PUBLIC_LEARNHOUSE_DEFAULT_ORG
+ARG NEXT_PUBLIC_LEARNHOUSE_MULTI_ORG
+ARG NEXT_PUBLIC_LEARNHOUSE_TOP_DOMAIN
+
+ENV NEXT_PUBLIC_LEARNHOUSE_API_URL=${NEXT_PUBLIC_LEARNHOUSE_API_URL}
+ENV NEXT_PUBLIC_LEARNHOUSE_BACKEND_URL=${NEXT_PUBLIC_LEARNHOUSE_BACKEND_URL}
+ENV NEXT_PUBLIC_LEARNHOUSE_DOMAIN=${NEXT_PUBLIC_LEARNHOUSE_DOMAIN}
+ENV NEXT_PUBLIC_LEARNHOUSE_DEFAULT_ORG=${NEXT_PUBLIC_LEARNHOUSE_DEFAULT_ORG}
+ENV NEXT_PUBLIC_LEARNHOUSE_MULTI_ORG=${NEXT_PUBLIC_LEARNHOUSE_MULTI_ORG}
+ENV NEXT_PUBLIC_LEARNHOUSE_TOP_DOMAIN=${NEXT_PUBLIC_LEARNHOUSE_TOP_DOMAIN}
 
 # Backend Build
 WORKDIR /app/api
-COPY ./apps/api/pyproject.toml ./
 COPY ./apps/api/uv.lock ./
+COPY ./apps/api/pyproject.toml ./
 
-# Install dependencies with proper flags and fallback to pip if needed
+# Install dependencies with uv (fallback to pip if needed)
 RUN pip install --upgrade pip && \
     pip install uv && \
-    (uv pip sync --system --python=python3.12 || pip install -e .) && \
-    pip install uvicorn  # Ensure at least the ASGI server is available
+    (uv sync --system || pip install -e .) && \
+    pip install uvicorn
 
 COPY ./apps/api ./
 
@@ -115,15 +120,9 @@ WORKDIR /app
 COPY ./extra/nginx.conf /etc/nginx/conf.d/default.conf
 ENV PORT=80 LEARNHOUSE_PORT=9000 HOSTNAME=0.0.0.0
 COPY ./extra/start.sh /app/start.sh
-COPY ./extra/runtime-config-start.sh /app/runtime-config-start.sh
 
-# Make the runtime script executable
-RUN chmod +x /app/start.sh && chmod +x /app/runtime-config-start.sh
+# Make the start script executable
+RUN chmod +x /app/start.sh
 
-# Ensure the isolation scripts are available in the runner stage
-COPY ./extra/api-interceptor.js /app/extra/api-interceptor.js
-COPY ./extra/api-response-sanitizer.js /app/extra/api-response-sanitizer.js
-COPY ./extra/domain-isolation-loader.js /app/extra/domain-isolation-loader.js
-
-# Use the runtime config script
-CMD ["/app/runtime-config-start.sh"]
\ No newline at end of file
+# Use the start script
+CMD ["sh", "/app/start.sh"]
\ No newline at end of file
diff --git a/apps/web/components/Avatar/SafeAvatar.tsx b/apps/web/components/Avatar/SafeAvatar.tsx
deleted file mode 100644
index 9f05769a..00000000
--- a/apps/web/components/Avatar/SafeAvatar.tsx
+++ /dev/null
@@ -1,60 +0,0 @@
-import React from 'react'
-import Image from 'next/image'
-
-interface SafeAvatarProps {
-  src?: string
-  alt: string
-  size?: number
-  className?: string
-}
-
-/**
- * SafeAvatar component that ensures correct domain for avatar images
- */
-const SafeAvatar: React.FC<SafeAvatarProps> = ({ 
-  src, 
-  alt, 
-  size = 40, 
-  className 
-}) => {
-  // Default empty avatar path that uses relative URL (domain-safe)
-  const defaultAvatarSrc = '/images/empty_avatar.png'
-  
-  // Handle potentially cross-domain avatar URLs
-  const sanitizedSrc = React.useMemo(() => {
-    if (!src) return defaultAvatarSrc
-    
-    try {
-      // Check if the URL has a domain
-      const url = new URL(src, window.location.origin)
-      
-      // If the URL is from a different domain, use the default avatar
-      if (url.hostname !== window.location.hostname) {
-        console.warn(`[SafeAvatar] Detected cross-domain avatar: ${src}`)
-        return defaultAvatarSrc
-      }
-      
-      return src
-    } catch (e) {
-      // If parsing fails, just use the src as is (could be a relative path)
-      return src
-    }
-  }, [src])
-  
-  return (
-    <Image
-      src={sanitizedSrc}
-      alt={alt}
-      width={size}
-      height={size}
-      className={className}
-      onError={(e) => {
-        // If image fails to load, fallback to default
-        const target = e.target as HTMLImageElement
-        target.src = defaultAvatarSrc
-      }}
-    />
-  )
-}
-
-export default SafeAvatar
\ No newline at end of file
diff --git a/apps/web/middleware.js b/apps/web/middleware.js
deleted file mode 100644
index 5c143ba7..00000000
--- a/apps/web/middleware.js
+++ /dev/null
@@ -1,72 +0,0 @@
-import { NextResponse } from 'next/server';
-
-// This middleware runs on every request
-export function middleware(request) {
-  // Get the current hostname from the request headers
-  const currentHostname = request.headers.get('host');
-  
-  // Always inspect for cross-domain requests regardless of referrer
-  const url = request.nextUrl.clone();
-  const path = url.pathname;
-  
-  // Check for common patterns that might indicate cross-domain content
-  // 1. Handle image files that might be requested from the wrong domain
-  if (path.endsWith('.png') || path.endsWith('.jpg') || path.endsWith('.jpeg') || 
-      path.endsWith('.gif') || path.endsWith('.webp') || path.endsWith('.svg')) {
-    // Ensure image path is properly routed to current domain
-    if (path.includes('empty_avatar.png')) {
-      console.log(`Intercepting image request: ${path}`);
-      // Rewrite all empty_avatar.png requests to use the local domain
-      return NextResponse.rewrite(new URL(`/images/empty_avatar.png`, request.url));
-    }
-  }
-  
-  // 2. Check if request is going to the wrong domain through API path
-  if (path.includes('/api/') && request.headers.has('referer')) {
-    const refererUrl = new URL(request.headers.get('referer'));
-    // If referer domain doesn't match the requested API domain, redirect
-    if (refererUrl.hostname !== currentHostname) {
-      console.log(`Redirecting cross-domain API request: ${path}`);
-      const newUrl = new URL(path, `https://${currentHostname}`);
-      return NextResponse.redirect(newUrl);
-    }
-  }
-
-  // Get the referrer URL if it exists
-  const referer = request.headers.get('referer');
-
-  // If there is a referrer, check if it's from a different domain
-  if (referer) {
-    try {
-      const refererUrl = new URL(referer);
-      const refererHostname = refererUrl.hostname;
-
-      // If the referrer hostname doesn't match the current hostname
-      if (refererHostname !== currentHostname) {
-        console.log(`Cross-domain request detected: ${refererHostname} -> ${currentHostname}`);
-        
-        // For path segments that might include another domain
-        if (path.includes('/next/static/') || path.includes('/api/')) {
-          // Ensure all paths use the current hostname
-          // This prevents asset URL problems when different hostnames appear in the path
-          const localPath = path.replace(/https?:\/\/[^\/]+/, '');
-          url.pathname = localPath;
-          return NextResponse.rewrite(url);
-        }
-      }
-    } catch (e) {
-      console.error('Error processing referer in middleware:', e);
-    }
-  }
-
-  // Continue with the request as normal
-  return NextResponse.next();
-}
-
-// Configure which paths this middleware will run on
-export const config = {
-  matcher: [
-    // Apply to all paths
-    '/:path*',
-  ],
-};
\ No newline at end of file
diff --git a/apps/web/pages/_document.js b/apps/web/pages/_document.js
deleted file mode 100644
index efb49dbf..00000000
--- a/apps/web/pages/_document.js
+++ /dev/null
@@ -1,22 +0,0 @@
-import { Html, Head, Main, NextScript } from 'next/document';
-
-export default function Document() {
-  return (
-    <Html lang="en">
-      <Head>
-        {/* Load domain isolation loader first - immediate protection */}
-        <script src="/domain-isolation-loader.js" strategy="beforeInteractive" />
-        {/* Load runtime configuration */}
-        <script src="/runtime-config.js" strategy="beforeInteractive" />
-        {/* Load comprehensive API interceptor */}
-        <script src="/api-interceptor.js" strategy="beforeInteractive" />
-        {/* Load API response sanitizer */}
-        <script src="/api-response-sanitizer.js" strategy="beforeInteractive" />
-      </Head>
-      <body>
-        <Main />
-        <NextScript />
-      </body>
-    </Html>
-  );
-}
\ No newline at end of file
diff --git a/apps/web/public/api-response-sanitizer.js b/apps/web/public/api-response-sanitizer.js
deleted file mode 100644
index 22d866c9..00000000
--- a/apps/web/public/api-response-sanitizer.js
+++ /dev/null
@@ -1,94 +0,0 @@
-/**
- * API Response Sanitizer
- * 
- * This script specifically handles API responses to ensure they don't contain
- * URLs pointing to the wrong domain.
- */
-(function() {
-  console.log('[Domain Isolation] Installing API response sanitizer...');
-  
-  // Save reference to the original fetch
-  const originalFetch = window.fetch;
-
-  /**
-   * Recursively sanitize objects to replace URLs from wrong domains
-   */
-  function sanitizeObject(obj, currentDomain) {
-    if (!obj || typeof obj !== 'object') return obj;
-    
-    // Handle arrays
-    if (Array.isArray(obj)) {
-      return obj.map(item => sanitizeObject(item, currentDomain));
-    }
-    
-    // Handle objects
-    const result = {};
-    
-    for (const [key, value] of Object.entries(obj)) {
-      // Check if this is a URL string value
-      if (typeof value === 'string' && 
-          (value.startsWith('http://') || value.startsWith('https://'))) {
-        try {
-          const url = new URL(value);
-          if (url.hostname !== currentDomain && 
-              !url.hostname.includes('api-gateway.umami.dev')) {
-            console.log(`[Sanitizer] Found cross-domain URL: ${value}`);
-            const newValue = value.replace(url.hostname, currentDomain);
-            result[key] = newValue;
-            continue;
-          }
-        } catch (e) {
-          // Not a valid URL, keep original value
-        }
-      }
-      
-      // Process nested objects/arrays
-      if (value && typeof value === 'object') {
-        result[key] = sanitizeObject(value, currentDomain);
-      } else {
-        result[key] = value;
-      }
-    }
-    
-    return result;
-  }
-  
-  // Override fetch to sanitize responses
-  window.fetch = async function(...args) {
-    const currentDomain = window.location.hostname;
-    
-    // Call original fetch
-    const response = await originalFetch.apply(this, args);
-    
-    // Clone the response so we can read it multiple times
-    const clonedResponse = response.clone();
-    
-    // Only process JSON responses from API endpoints
-    const contentType = response.headers.get('content-type');
-    if (contentType && contentType.includes('application/json') && 
-        (args[0].includes('/api/') || args[0].includes('api/v1'))) {
-      
-      try {
-        // Read and parse the response
-        const originalData = await clonedResponse.json();
-        
-        // Sanitize the data
-        const sanitizedData = sanitizeObject(originalData, currentDomain);
-        
-        // Create a new response with sanitized data
-        return new Response(JSON.stringify(sanitizedData), {
-          status: response.status,
-          statusText: response.statusText,
-          headers: response.headers
-        });
-      } catch (e) {
-        console.error('[Domain Isolation] Error sanitizing response:', e);
-        return response; // Return original response on error
-      }
-    }
-    
-    return response;
-  };
-  
-  console.log('[Domain Isolation] API response sanitizer installed');
-})();
\ No newline at end of file
diff --git a/apps/web/public/domain-isolation-loader.js b/apps/web/public/domain-isolation-loader.js
deleted file mode 100644
index f2285bed..00000000
--- a/apps/web/public/domain-isolation-loader.js
+++ /dev/null
@@ -1,82 +0,0 @@
-// Domain Isolation Loader
-// This script loads before any other scripts to ensure all requests stay within the current domain
-
-(function() {
-  console.log('[Domain Isolation] Initializing early domain isolation...');
-  
-  // Override createElement to patch script elements before they load
-  const originalCreateElement = document.createElement.bind(document);
-  document.createElement = function(tagName) {
-    const element = originalCreateElement(tagName);
-    
-    if (tagName.toLowerCase() === 'script') {
-      const originalSetAttribute = element.setAttribute.bind(element);
-      element.setAttribute = function(name, value) {
-        if (name === 'src' && typeof value === 'string') {
-          try {
-            const currentDomain = window.location.hostname;
-            const urlObj = new URL(value, window.location.origin);
-            const targetDomain = urlObj.hostname;
-            
-            if (targetDomain !== currentDomain) {
-              console.warn('[Domain Isolation] Pre-load intercepted cross-domain script:', value);
-              value = value.replace(/https?:\/\/[^\/]+/, window.location.origin);
-              console.log('[Domain Isolation] Changed to:', value);
-            }
-          } catch (e) {
-            console.error('[Domain Isolation] Error processing script URL:', e);
-          }
-        }
-        return originalSetAttribute(name, value);
-      };
-    }
-    
-    return element;
-  };
-  
-  // Store original URL manipulation methods
-  window.__domainIsolationOriginals = {
-    fetch: window.fetch,
-    open: XMLHttpRequest.prototype.open
-  };
-  
-  // Simple early fetch override
-  window.fetch = function(url, options) {
-    if (typeof url === 'string') {
-      try {
-        const currentDomain = window.location.hostname;
-        const urlObj = new URL(url, window.location.origin);
-        const targetDomain = urlObj.hostname;
-        
-        if (targetDomain !== currentDomain) {
-          console.warn('[Domain Isolation] Early loader redirecting fetch:', url);
-          url = url.replace(/https?:\/\/[^\/]+/, window.location.origin);
-        }
-      } catch (e) {
-        console.error('[Domain Isolation] Early loader error:', e);
-      }
-    }
-    return window.__domainIsolationOriginals.fetch.apply(this, arguments);
-  };
-  
-  // Simple early XHR override
-  XMLHttpRequest.prototype.open = function(method, url, ...args) {
-    if (typeof url === 'string') {
-      try {
-        const currentDomain = window.location.hostname;
-        const urlObj = new URL(url, window.location.origin);
-        const targetDomain = urlObj.hostname;
-        
-        if (targetDomain !== currentDomain) {
-          console.warn('[Domain Isolation] Early loader redirecting XHR:', url);
-          url = url.replace(/https?:\/\/[^\/]+/, window.location.origin);
-        }
-      } catch (e) {
-        console.error('[Domain Isolation] Early loader error:', e);
-      }
-    }
-    return window.__domainIsolationOriginals.open.apply(this, [method, url, ...args]);
-  };
-  
-  console.log('[Domain Isolation] Early domain isolation initialized');
-})();
\ No newline at end of file
diff --git a/apps/web/tsconfig.build.json b/apps/web/tsconfig.build.json
deleted file mode 100644
index a8d395f0..00000000
--- a/apps/web/tsconfig.build.json
+++ /dev/null
@@ -1,19 +0,0 @@
-{
-  "extends": "./tsconfig.json",
-  "compilerOptions": {
-    "noEmit": true,
-    "allowJs": true,
-    "skipLibCheck": true, 
-    "noImplicitAny": false,
-    "strictNullChecks": false,
-    "strictPropertyInitialization": false
-  },
-  "include": [
-    "next-env.d.ts",
-    "**/*.ts",
-    "**/*.tsx"
-  ],
-  "exclude": [
-    "node_modules"
-  ]
-}
\ No newline at end of file
diff --git a/apps/web/utils/apiClient.js b/apps/web/utils/apiClient.js
deleted file mode 100644
index bde4fee1..00000000
--- a/apps/web/utils/apiClient.js
+++ /dev/null
@@ -1,59 +0,0 @@
-import { getApiUrl } from './runtimeConfig';
-
-/**
- * Creates an API client that uses runtime configuration
- * @returns {Object} API client object with fetch method
- */
-export function createApiClient() {
-  return {
-    /**
-     * Fetch data from the API with the correct runtime URL
-     * @param {string} path - API path to fetch from
-     * @param {Object} options - Fetch options
-     * @returns {Promise<any>} - JSON response
-     */
-    fetch: async (path, options = {}) => {
-      const url = getApiUrl(path);
-      console.log(`[API] Fetching from: ${url}`);
-      
-      const response = await fetch(url, options);
-      
-      if (!response.ok) {
-        throw new Error(`API request failed: ${response.status}`);
-      }
-      
-      return response.json();
-    },
-    
-    /**
-     * Post data to the API with the correct runtime URL
-     * @param {string} path - API path to post to
-     * @param {Object} data - Data to post
-     * @param {Object} options - Additional fetch options
-     * @returns {Promise<any>} - JSON response
-     */
-    post: async (path, data, options = {}) => {
-      const url = getApiUrl(path);
-      console.log(`[API] Posting to: ${url}`);
-      
-      const response = await fetch(url, {
-        method: 'POST',
-        headers: {
-          'Content-Type': 'application/json',
-          ...options.headers,
-        },
-        body: JSON.stringify(data),
-        ...options,
-      });
-      
-      if (!response.ok) {
-        throw new Error(`API request failed: ${response.status}`);
-      }
-      
-      return response.json();
-    }
-  };
-}
-
-// Create a singleton instance for easier imports
-export const apiClient = createApiClient();
\ No newline at end of file
diff --git a/apps/web/utils/runtimeConfig.js b/apps/web/utils/runtimeConfig.js
deleted file mode 100644
index ef968b0b..00000000
--- a/apps/web/utils/runtimeConfig.js
+++ /dev/null
@@ -1,52 +0,0 @@
-/**
- * Utility functions to access runtime configuration values
- */
-
-/**
- * Gets configuration from runtime values (window.RUNTIME_CONFIG) with fallback to environment variables
- * This ensures dynamic configuration at runtime instead of build time
- */
-export function useRuntimeConfig() {
-  // For server-side rendering, use environment variables
-  if (typeof window === 'undefined') {
-    return {
-      apiUrl: process.env.NEXT_PUBLIC_LEARNHOUSE_API_URL,
-      backendUrl: process.env.NEXT_PUBLIC_LEARNHOUSE_BACKEND_URL,
-      domain: process.env.NEXT_PUBLIC_LEARNHOUSE_DOMAIN,
-      defaultOrg: process.env.NEXT_PUBLIC_LEARNHOUSE_DEFAULT_ORG || 'default',
-      multiOrg: process.env.NEXT_PUBLIC_LEARNHOUSE_MULTI_ORG === 'true',
-      topDomain: process.env.NEXT_PUBLIC_LEARNHOUSE_TOP_DOMAIN
-    };
-  }
-  
-  // For client-side, prioritize runtime config over baked-in environment variables
-  const config = window.RUNTIME_CONFIG || {};
-  return {
-    apiUrl: config.LEARNHOUSE_API_URL || process.env.NEXT_PUBLIC_LEARNHOUSE_API_URL,
-    backendUrl: config.LEARNHOUSE_BACKEND_URL || process.env.NEXT_PUBLIC_LEARNHOUSE_BACKEND_URL,
-    domain: config.LEARNHOUSE_DOMAIN || process.env.NEXT_PUBLIC_LEARNHOUSE_DOMAIN,
-    defaultOrg: config.LEARNHOUSE_DEFAULT_ORG || process.env.NEXT_PUBLIC_LEARNHOUSE_DEFAULT_ORG || 'default',
-    multiOrg: config.LEARNHOUSE_MULTI_ORG === 'true' || process.env.NEXT_PUBLIC_LEARNHOUSE_MULTI_ORG === 'true',
-    topDomain: config.LEARNHOUSE_TOP_DOMAIN || process.env.NEXT_PUBLIC_LEARNHOUSE_TOP_DOMAIN
-  };
-}
-
-/**
- * Gets the API URL with the correct domain
- * @param {string} path - The API path
- * @returns {string} - The complete API URL
- */
-export function getApiUrl(path) {
-  const config = useRuntimeConfig();
-  return `${config.apiUrl || `https://${config.domain}/api/v1/`}${path}`;
-}
-
-/**
- * Gets the backend URL with the correct domain
- * @param {string} path - The backend path
- * @returns {string} - The complete backend URL
- */
-export function getBackendUrl(path) {
-  const config = useRuntimeConfig();
-  return `${config.backendUrl || `https://${config.domain}/`}${path}`;
-}
\ No newline at end of file
diff --git a/extra/api-interceptor.js b/extra/api-interceptor.js
deleted file mode 100644
index 4891f588..00000000
--- a/extra/api-interceptor.js
+++ /dev/null
@@ -1,97 +0,0 @@
-(function() {
-  // Get the current domain
-  const currentDomain = window.location.hostname;
-  console.log("[Domain Isolation] Current domain:", currentDomain);
-  
-  // Check if RUNTIME_CONFIG is available
-  if (!window.RUNTIME_CONFIG) {
-    console.warn("[Domain Isolation] Runtime config not found, creating empty one.");
-    window.RUNTIME_CONFIG = {};
-  }
-  
-  // Store the domain info globally
-  window.LEARNHOUSE_DOMAIN = currentDomain;
-  
-  // 1. Intercept fetch API
-  const originalFetch = window.fetch;
-  window.fetch = function(url, options) {
-    if (typeof url === "string") {
-      try {
-        // Handle both absolute and relative URLs
-        const urlObj = new URL(url, window.location.origin);
-        const targetDomain = urlObj.hostname;
-        
-        // If URL has a different domain than current domain, rewrite it
-        if (targetDomain !== currentDomain) {
-          // Allow external APIs like umami
-          if (targetDomain.includes('api-gateway.umami.dev')) {
-            return originalFetch(url, options);
-          }
-          
-          console.warn("[Domain Isolation] Redirecting request to current domain:", url);
-          const newUrl = url.replace(/https?:\/\/[^\/]+/, window.location.origin);
-          console.log("[Domain Isolation] New URL:", newUrl);
-          return originalFetch(newUrl, options);
-        }
-      } catch (e) {
-        console.error("[Domain Isolation] Error processing URL:", e);
-      }
-    }
-    return originalFetch(url, options);
-  };
-  
-  // 2. Intercept XMLHttpRequest
-  const originalXHROpen = XMLHttpRequest.prototype.open;
-  XMLHttpRequest.prototype.open = function(method, url, ...rest) {
-    if (typeof url === "string") {
-      try {
-        const urlObj = new URL(url, window.location.origin);
-        const targetDomain = urlObj.hostname;
-        
-        if (targetDomain !== currentDomain) {
-          // Allow external APIs
-          if (targetDomain.includes('api-gateway.umami.dev')) {
-            return originalXHROpen.call(this, method, url, ...rest);
-          }
-          
-          console.warn("[Domain Isolation] Redirecting XHR to current domain:", url);
-          const newUrl = url.replace(/https?:\/\/[^\/]+/, window.location.origin);
-          console.log("[Domain Isolation] New XHR URL:", newUrl);
-          return originalXHROpen.call(this, method, newUrl, ...rest);
-        }
-      } catch (e) {
-        console.error("[Domain Isolation] Error processing XHR URL:", e);
-      }
-    }
-    return originalXHROpen.call(this, method, url, ...rest);
-  };
-  
-  // 3. Fix Next.js chunk loading issues
-  const originalReactDOMCreateScriptHook = Object.getOwnPropertyDescriptor(HTMLScriptElement.prototype, 'src');
-  if (originalReactDOMCreateScriptHook) {
-    Object.defineProperty(HTMLScriptElement.prototype, 'src', {
-      get: originalReactDOMCreateScriptHook.get,
-      set: function(url) {
-        if (typeof url === 'string') {
-          try {
-            const urlObj = new URL(url, window.location.origin);
-            const targetDomain = urlObj.hostname;
-            
-            if (targetDomain !== currentDomain && url.includes('/next/static/chunks/')) {
-              const newUrl = url.replace(/https?:\/\/[^\/]+/, window.location.origin);
-              console.warn("[Domain Isolation] Redirecting script src to current domain:", url);
-              console.log("[Domain Isolation] New script src:", newUrl);
-              return originalReactDOMCreateScriptHook.set.call(this, newUrl);
-            }
-          } catch (e) {
-            console.error("[Domain Isolation] Error processing script URL:", e);
-          }
-        }
-        return originalReactDOMCreateScriptHook.set.call(this, url);
-      },
-      configurable: true
-    });
-  }
-  
-  console.log("[Domain Isolation] Complete domain isolation system installed");
-})();
\ No newline at end of file
diff --git a/extra/api-response-sanitizer.js b/extra/api-response-sanitizer.js
deleted file mode 100644
index 5aebee14..00000000
--- a/extra/api-response-sanitizer.js
+++ /dev/null
@@ -1,93 +0,0 @@
-/**
- * API Response Sanitizer
- * 
- * This script specifically handles API responses to ensure they don't contain
- * URLs pointing to the wrong domain.
- */
-(function() {
-  console.log('[Domain Isolation] Installing API response sanitizer...');
-  
-  // Save reference to the original fetch
-  const originalFetch = window.fetch;
-
-  /**
-   * Recursively sanitize objects to replace URLs from wrong domains
-   */
-  function sanitizeObject(obj, currentDomain) {
-    if (!obj || typeof obj !== 'object') return obj;
-    
-    // Handle arrays
-    if (Array.isArray(obj)) {
-      return obj.map(item => sanitizeObject(item, currentDomain));
-    }
-    
-    // Handle objects
-    const result = {};
-    
-    for (const [key, value] of Object.entries(obj)) {
-      // Check if this is a URL string value
-      if (typeof value === 'string' && 
-          (value.startsWith('http://') || value.startsWith('https://'))) {
-        try {
-          const url = new URL(value);
-          if (url.hostname !== currentDomain && 
-              !url.hostname.includes('api-gateway.umami.dev')) {
-            console.log(`[Sanitizer] Found cross-domain URL: ${value}`);
-            const newValue = value.replace(url.hostname, currentDomain);
-            result[key] = newValue;
-            continue;
-          }
-        } catch (e) {
-          // Not a valid URL, keep original value
-        }
-      }
-      
-      // Process nested objects/arrays
-      if (value && typeof value === 'object') {
-        result[key] = sanitizeObject(value, currentDomain);
-      } else {
-        result[key] = value;
-      }
-    }
-    
-    return result;
-  }
-  
-  // Override fetch to sanitize responses
-  window.fetch = async function(...args) {
-    const currentDomain = window.location.hostname;
-    
-    // Call original fetch
-    const response = await originalFetch.apply(this, args);
-    
-    // Clone the response so we can read it multiple times
-    const clonedResponse = response.clone();
-    
-    // Only process JSON responses from API endpoints
-    const contentType = response.headers.get('content-type');
-    if (contentType && contentType.includes('application/json')) {
-      
-      try {
-        // Read and parse the response
-        const originalData = await clonedResponse.json();
-        
-        // Sanitize the data
-        const sanitizedData = sanitizeObject(originalData, currentDomain);
-        
-        // Create a new response with sanitized data
-        return new Response(JSON.stringify(sanitizedData), {
-          status: response.status,
-          statusText: response.statusText,
-          headers: response.headers
-        });
-      } catch (e) {
-        console.error('[Domain Isolation] Error sanitizing response:', e);
-        return response; // Return original response on error
-      }
-    }
-    
-    return response;
-  };
-  
-  console.log('[Domain Isolation] API response sanitizer installed');
-})();
\ No newline at end of file
diff --git a/extra/domain-isolation-loader.js b/extra/domain-isolation-loader.js
deleted file mode 100644
index f2285bed..00000000
--- a/extra/domain-isolation-loader.js
+++ /dev/null
@@ -1,82 +0,0 @@
-// Domain Isolation Loader
-// This script loads before any other scripts to ensure all requests stay within the current domain
-
-(function() {
-  console.log('[Domain Isolation] Initializing early domain isolation...');
-  
-  // Override createElement to patch script elements before they load
-  const originalCreateElement = document.createElement.bind(document);
-  document.createElement = function(tagName) {
-    const element = originalCreateElement(tagName);
-    
-    if (tagName.toLowerCase() === 'script') {
-      const originalSetAttribute = element.setAttribute.bind(element);
-      element.setAttribute = function(name, value) {
-        if (name === 'src' && typeof value === 'string') {
-          try {
-            const currentDomain = window.location.hostname;
-            const urlObj = new URL(value, window.location.origin);
-            const targetDomain = urlObj.hostname;
-            
-            if (targetDomain !== currentDomain) {
-              console.warn('[Domain Isolation] Pre-load intercepted cross-domain script:', value);
-              value = value.replace(/https?:\/\/[^\/]+/, window.location.origin);
-              console.log('[Domain Isolation] Changed to:', value);
-            }
-          } catch (e) {
-            console.error('[Domain Isolation] Error processing script URL:', e);
-          }
-        }
-        return originalSetAttribute(name, value);
-      };
-    }
-    
-    return element;
-  };
-  
-  // Store original URL manipulation methods
-  window.__domainIsolationOriginals = {
-    fetch: window.fetch,
-    open: XMLHttpRequest.prototype.open
-  };
-  
-  // Simple early fetch override
-  window.fetch = function(url, options) {
-    if (typeof url === 'string') {
-      try {
-        const currentDomain = window.location.hostname;
-        const urlObj = new URL(url, window.location.origin);
-        const targetDomain = urlObj.hostname;
-        
-        if (targetDomain !== currentDomain) {
-          console.warn('[Domain Isolation] Early loader redirecting fetch:', url);
-          url = url.replace(/https?:\/\/[^\/]+/, window.location.origin);
-        }
-      } catch (e) {
-        console.error('[Domain Isolation] Early loader error:', e);
-      }
-    }
-    return window.__domainIsolationOriginals.fetch.apply(this, arguments);
-  };
-  
-  // Simple early XHR override
-  XMLHttpRequest.prototype.open = function(method, url, ...args) {
-    if (typeof url === 'string') {
-      try {
-        const currentDomain = window.location.hostname;
-        const urlObj = new URL(url, window.location.origin);
-        const targetDomain = urlObj.hostname;
-        
-        if (targetDomain !== currentDomain) {
-          console.warn('[Domain Isolation] Early loader redirecting XHR:', url);
-          url = url.replace(/https?:\/\/[^\/]+/, window.location.origin);
-        }
-      } catch (e) {
-        console.error('[Domain Isolation] Early loader error:', e);
-      }
-    }
-    return window.__domainIsolationOriginals.open.apply(this, [method, url, ...args]);
-  };
-  
-  console.log('[Domain Isolation] Early domain isolation initialized');
-})();
\ No newline at end of file
diff --git a/extra/runtime-config-start.sh b/extra/runtime-config-start.sh
deleted file mode 100755
index 45a50c3d..00000000
--- a/extra/runtime-config-start.sh
+++ /dev/null
@@ -1,31 +0,0 @@
-#!/bin/bash
-echo "Generating runtime configuration..."
-mkdir -p /app/web/public
-
-# Generate runtime config
-cat > /app/web/public/runtime-config.js << EOF
-window.RUNTIME_CONFIG = {
-  LEARNHOUSE_API_URL: "${NEXT_PUBLIC_LEARNHOUSE_API_URL:-}",
-  LEARNHOUSE_BACKEND_URL: "${NEXT_PUBLIC_LEARNHOUSE_BACKEND_URL:-}",
-  LEARNHOUSE_DOMAIN: "${NEXT_PUBLIC_LEARNHOUSE_DOMAIN:-}",
-  LEARNHOUSE_DEFAULT_ORG: "${NEXT_PUBLIC_LEARNHOUSE_DEFAULT_ORG:-default}",
-  LEARNHOUSE_MULTI_ORG: "${NEXT_PUBLIC_LEARNHOUSE_MULTI_ORG:-false}",
-  LEARNHOUSE_TOP_DOMAIN: "${NEXT_PUBLIC_LEARNHOUSE_TOP_DOMAIN:-}"
-}
-EOF
-
-# Copy the pre-created isolation scripts to the public folder
-cp /app/extra/api-interceptor.js /app/web/public/
-cp /app/extra/api-response-sanitizer.js /app/web/public/
-cp /app/extra/domain-isolation-loader.js /app/web/public/
-
-echo "Runtime configuration generated successfully"
-
-echo "Enhanced patching of NextAuth cookies and domains..."
-find /app/web/.next -type f -name "*.js" -exec sed -i "s/domain:[^,}]*,/domain: undefined,/g" {} \;
-find /app/web/.next -type f -name "*.js" -exec sed -i "s/domain: *process.env.LEARNHOUSE_COOKIE_DOMAIN/domain: undefined/g" {} \;
-find /app/web/.next -type f -name "*.js" -exec sed -i "s/\.domain\s*=\s*[^;]*;/\.domain = undefined;/g" {} \;
-echo "Cookie domain patches complete."
-
-echo "Starting application..."
-sh /app/start.sh
\ No newline at end of file