fix(reactive-resume): update for v5.1.4 compatibility

- Replace obsolete PRINTER_ENDPOINT with ENCRYPTION_SECRET in .env
  (PDF generation moved client-side in v5.1.0; AI providers require
  ENCRYPTION_SECRET since v5.1.4)
- Add commented REDIS_URL for the new AI Agent workspace (optional)
- Inject ENCRYPTION_SECRET into existing installs on update if missing

ct/reactive-resume.sh

@@ -54,6 +54,11 @@ function update_script() {
     rm -rf /tmp/rr-runtime
     msg_ok "Deployed Nitro Runtime Externals"
     mv /opt/reactive-resume.env.bak /opt/reactive-resume/.env
+    # Inject ENCRYPTION_SECRET if missing (required for AI providers since v5.1.4)
+    if ! grep -q '^ENCRYPTION_SECRET=' /opt/reactive-resume/.env; then
+      ENCRYPTION_SECRET=$(openssl rand -hex 32)
+      echo "ENCRYPTION_SECRET=${ENCRYPTION_SECRET}" >> /opt/reactive-resume/.env
+    fi
     msg_ok "Updated Reactive Resume"
 
     msg_info "Updating Service"

install/reactive-resume-install.sh

@@ -44,6 +44,7 @@ msg_ok "Built Reactive Resume"
 
 msg_info "Configuring Reactive Resume"
 AUTH_SECRET=$(openssl rand -hex 32)
+ENCRYPTION_SECRET=$(openssl rand -hex 32)
 
 cat <<EOF >/opt/reactive-resume/.env
 # Reactive Resume v5 Configuration
@@ -59,8 +60,8 @@ DATABASE_URL=postgresql://${PG_DB_USER}:${PG_DB_PASS}@localhost:5432/${PG_DB_NAM
 # Authentication Secret (do not change after initial setup)
 AUTH_SECRET=${AUTH_SECRET}
 
-# Printer (headless Chromium for PDF generation)
-PRINTER_ENDPOINT=http://127.0.0.1:9222
+# Encryption Secret (required for saved AI providers, do not change after initial setup)
+ENCRYPTION_SECRET=${ENCRYPTION_SECRET}
 
 # Storage: uses local filesystem (/opt/reactive-resume/data) when S3 is not configured
 # S3_ACCESS_KEY_ID=
@@ -83,6 +84,9 @@ PRINTER_ENDPOINT=http://127.0.0.1:9222
 # GOOGLE_CLIENT_ID=
 # GOOGLE_CLIENT_SECRET=
 
+# AI Agent (optional, required for the Agent workspace feature)
+# REDIS_URL=redis://localhost:6379
+
 # Feature Flags
 # FLAG_DISABLE_SIGNUPS=false
 # FLAG_DISABLE_EMAIL_AUTH=false