collavre 0.3.2 → 0.5.0

data/app/models/collavre/creative.rb

@@ -12,36 +12,10 @@ module Collavre
 
     after_save :touch_subtree_on_move, if: :saved_change_to_parent_id?
 
-    unless const_defined?(:DEFAULT_GITHUB_GEMINI_PROMPT)
-      DEFAULT_GITHUB_GEMINI_PROMPT = <<~PROMPT.freeze
-        You are reviewing a GitHub pull request and mapping it to Creative tasks.
-        Pull request title: \#{pr_title}
-        Pull request body:
-        \#{pr_body}
 
-        Pull request commit messages:
-        \#{commit_messages}
-
-        Pull request diff:
-        \#{diff}
-
-        Creative tree structure. Each line represents a creative node with indentation indicating depth (4 spaces per level).
-        Format: - {"id": <ID>, "progress": <0.0-1.0>, "desc": "<Description>"}
-        \#{creative_tree}
-
-        \#{language_instructions}
-
-        When describing creatives, write from an end-user perspective similar to a user manual. Avoid unnecessary technical detail, and keep sentences concise.
-
-        Return a JSON object with two keys:
-        - "completed": array of objects representing tasks finished by this PR. Each object must include "creative_id" (from the IDs above). Use only creatives marked [LEAF] in the list above. Optionally include "progress" (0.0 to 1.0), "note", or "path" for context.
-        - "additional": array of objects for new creatives that are not already represented in the tree above. Each object must include "parent_id" (from the IDs above) and "description" (the new creative text). Do not use this list for follow-up tasks on existing creatives—only describe brand new creatives. Optionally include "progress" (0.0 to 1.0), "note", or "path".
-
-        Do not add tasks to "completed" if they already show 100% progress in the tree above unless this PR clearly made new changes that justify marking them complete.
-
-        Use only IDs present in the tree. Respond with valid JSON only.
-      PROMPT
-    end
+    include Linkable
+    include Permissible
+    include Describable
 
     has_many :comments, class_name: "Collavre::Comment", dependent: :destroy
     has_many :comment_read_pointers, class_name: "Collavre::CommentReadPointer", dependent: :delete_all
@@ -50,12 +24,8 @@ module Collavre
 
     attr_accessor :filtered_progress
 
-    belongs_to :origin, class_name: "Collavre::Creative", optional: true
-    has_many :linked_creatives, class_name: "Collavre::Creative", foreign_key: :origin_id, dependent: :destroy
     belongs_to :user, class_name: Collavre.configuration.user_class_name, optional: true
 
-    has_many :creative_shares, class_name: "Collavre::CreativeShare", dependent: :destroy
-    has_many :creative_shares_caches, class_name: "Collavre::CreativeSharesCache", dependent: :delete_all
     has_many :tags, class_name: "Collavre::Tag", dependent: :destroy
     has_many :creative_expanded_states, class_name: "Collavre::CreativeExpandedState", dependent: :delete_all
     has_many :invitations, class_name: "Collavre::Invitation", dependent: :delete_all
@@ -67,155 +37,26 @@ module Collavre
     has_many :labels, class_name: "Collavre::Label", dependent: :destroy
 
     validates :progress, numericality: { greater_than_or_equal_to: 0.0, less_than_or_equal_to: 1.0 }, unless: -> { origin_id.present? }
-    validates :description, presence: true, unless: -> { origin_id.present? }
 
     validate :progress_cannot_change_if_has_origin, on: :update
-    validate :description_cannot_change_if_has_origin, on: :update
-    validate :origin_cannot_be_self
 
     before_validation :assign_default_user, on: :create
-    before_validation :redirect_parent_to_origin
-    before_save :sanitize_description_html
 
     after_save :update_parent_progress
     after_destroy :update_parent_progress
-    after_destroy_commit :purge_description_attachments
     after_save :update_mcp_tools
 
-    after_commit :rebuild_permission_cache, if: :saved_change_to_parent_id?, unless: :destroyed?
-    after_commit :cache_owner_permission, on: :create
-    after_commit :update_owner_cache, if: :saved_change_to_user_id?, unless: :destroyed?
-
-
-
-
-    def has_permission?(user, required_permission = :read)
-      Collavre::Creatives::PermissionChecker.new(self, user).allowed?(required_permission)
-    end
-
-    # Returns only children for which the user has at least the given permission (default: :read)
-    def children_with_permission(user = nil, min_permission = :read)
-      user ||= Collavre.current_user
-      children_scope = effective_origin(Set.new).children
-      children_ids = children_scope.pluck(:id)
-      return [] if children_ids.empty?
-
-      min_rank = CreativeShare.permissions[min_permission.to_s]
-      accessible_ids = Set.new
-
-      if user
-        # 사용자별 엔트리 확인 (user-specific entry가 있으면 public share보다 우선)
-        user_entries = CreativeSharesCache
-          .where(creative_id: children_ids, user_id: user.id)
-          .pluck(:creative_id, :permission)
-
-        user_has_entry = Set.new  # user-specific entry가 있는 children
-        user_entries.each do |cid, perm|
-          user_has_entry << cid
-          # perm is string from enum, convert to integer for comparison
-          perm_rank = CreativeSharesCache.permissions[perm]
-          # User-specific entry with sufficient permission grants access
-          if perm_rank && perm_rank >= min_rank && perm_rank != CreativeSharesCache.permissions[:no_access]
-            accessible_ids << cid
-          end
-          # If insufficient or no_access, don't add to accessible - will be excluded from public fallback
-        end
-
-        # Public share 확인 (user-specific entry가 있는 건 제외 - user entry가 우선)
-        public_accessible = CreativeSharesCache
-          .where(creative_id: children_ids, user_id: nil)
-          .where("permission >= ?", min_rank)
-          .where.not(permission: :no_access)
-          .pluck(:creative_id)
-        accessible_ids.merge(public_accessible - user_has_entry.to_a)
-
-        # Fallback: include owned children (for fixtures and missing cache entries)
-        owned_ids = children_scope.where(user_id: user.id).pluck(:id)
-        accessible_ids.merge(owned_ids)
-      else
-        # 비로그인: public share만
-        accessible_ids = CreativeSharesCache
-          .where(creative_id: children_ids, user_id: nil)
-          .where("permission >= ?", min_rank)
-          .where.not(permission: :no_access)
-          .pluck(:creative_id)
-          .to_set
-      end
-
-      children_scope.where(id: accessible_ids.to_a).order(:sequence).to_a
-    end
-
-    # Returns the effective attribute for linked creatives
-    def effective_attribute(attr, visited_ids = Set.new)
-      return self[attr] if origin_id.nil? || attr.to_s == "parent_id"
-      return self[attr] if visited_ids.include?(id)
-
-      visited_ids.add(id)
-      origin.effective_attribute(attr, visited_ids)
-    end
-
-    def effective_origin(visited_ids = Set.new)
-      return self if origin_id.nil?
-      return self if visited_ids.include?(id)
-
-      visited_ids.add(id)
-      origin.effective_origin(visited_ids)
-    end
-
     # Compatibility helper: ancestry gem exposes `subtree_ids`, while
     # closure_tree typically uses `self_and_descendants`.
-    # Provide `subtree_ids` so call sites (e.g., controller search) work.
     def subtree_ids
       self_and_descendants.pluck(:id)
     end
 
-    # Linked Creative의 description을 안전하게 반환
-    # variation_id가 주어지면 해당 Variation의 Tag value를 반환, 없으면 기존 description 반환
-    def effective_description(variation_id = nil, html = true)
-      if variation_id.present?
-        variation_tag = tags.find_by(label_id: variation_id)
-        return variation_tag.value if variation_tag&.value.present?
-      end
-      if origin_id.nil?
-        description_val = description
-      else
-        description_val = origin.description
-      end
-      if html
-        description_val&.to_s || ""
-      else
-        # For plain text, we might need to strip tags if description is HTML
-        # But the original code used rich_text_description&.body which returns ActionText::Content
-        # which has to_s (HTML) and to_plain_text.
-        # Since we now store raw HTML, we should strip tags for plain text.
-        ActionController::Base.helpers.strip_tags(description_val&.to_s || "")
-      end
-    end
-
-    def creative_snippet
-      ActionController::Base.helpers.strip_tags(effective_origin.description || "").truncate(24, omission: "...")
-    end
-
-    def progress
-      effective_attribute(:progress, Set.new)
-    end
-
-    def user
-      target = effective_origin(Set.new)
-      return super if target == self
-
-      target.user
-    end
-
     def children
       # better not override this method, use children_with_permission instead or linked_children
       super
     end
 
-    def linked_children
-      origin_id.nil? ? children_with_permission(Collavre.current_user, :read) : origin&.children_with_permission(Collavre.current_user, :read) || []
-    end
-
     def owning_parent
       if parent.present?
         Creative.find_by(origin_id: parent.id, user: Collavre.current_user) || parent
@@ -236,29 +77,10 @@ module Collavre
       progress_service.progress_for_tags(tag_ids, user)
     end
 
-    # Calculate progress for the subtree ignoring permission checks.
-    # `tagged_ids` should be a Set of creative IDs that are tagged with the plan.
     def progress_for_plan(tagged_ids)
       progress_service.progress_for_plan(tagged_ids)
     end
 
-    # 공유 대상 사용자를 위해 Linked Creative를 생성합니다.
-    # 이미 존재하거나 원본 작성자에게는 생성하지 않습니다.
-    def create_linked_creative_for_user(user)
-      original = effective_origin(Set.new)
-      return if original.user_id == user.id
-      ancestor_ids = original.ancestors.pluck(:id)
-      has_ancestor_share = CreativeShare.where(creative_id: ancestor_ids, user_id: user.id)
-                                        .where.not(permission: :no_access)
-                                        .exists?
-      has_owning_ancestors = Creative.where(id: ancestor_ids, user_id: user.id)
-                                          .exists?
-      return if has_ancestor_share or has_owning_ancestors
-      Creative.find_or_create_by!(origin_id: original.id, user_id: user.id) do |c|
-        c.parent_id = nil
-      end
-    end
-
     def update_parent_progress
       progress_service.update_parent_progress!
 
@@ -270,77 +92,9 @@ module Collavre
       end
     end
 
-    def all_shared_users(required_permission = :no_access)
-      base_creative = effective_origin(Set.new)
-      ancestor_ids = [ base_creative.id ] + base_creative.ancestors.pluck(:id)
-      required_permission_level = CreativeShare.permissions.fetch(required_permission.to_s)
-
-      shares = CreativeShare.where(creative_id: ancestor_ids).includes(:user)
-      shares_for_user_hash = shares.group_by(&:user_id)
-
-      shares_for_user_hash.filter_map do |_user_id, user_shares|
-        closest_share = CreativeShare.closest_parent_share(ancestor_ids, user_shares)
-        next unless closest_share
-
-        closest_permission_level = CreativeShare.permissions.fetch(closest_share.permission.to_s)
-        next if closest_permission_level < required_permission_level
-
-        closest_share
-      end
-    end
-
-    def github_gemini_prompt_template
-      github_gemini_prompt.presence || DEFAULT_GITHUB_GEMINI_PROMPT
-    end
 
     private
 
-    def purge_description_attachments
-      return if description.blank?
-
-      signed_ids = extract_signed_ids_from_description
-      return if signed_ids.empty?
-
-      signed_ids.each do |signed_id|
-        begin
-          blob = ActiveStorage::Blob.find_signed(signed_id)
-          next unless blob
-
-          # Skip purging if another creative still references the blob
-          next if Creative.where.not(id: id)
-                          .where("description LIKE ?", "%#{ActiveRecord::Base.sanitize_sql_like(signed_id)}%")
-                          .exists?
-
-          blob.purge
-        rescue ActiveRecord::RecordNotFound, ActiveSupport::MessageVerifier::InvalidSignature
-          Rails.logger.warn("Creative##{id}: could not find blob for signed_id=#{signed_id}")
-        rescue => e
-          Rails.logger.error("Creative##{id}: failed to purge blob #{signed_id}: #{e.message}")
-        end
-      end
-    end
-
-    def sanitize_description_html
-      table_tags = %w[table thead tbody tfoot tr th td]
-      table_attrs = %w[colspan rowspan]
-      self.description = ActionController::Base.helpers.sanitize(
-        description,
-        tags: Rails::HTML5::SafeListSanitizer.allowed_tags.to_a + table_tags,
-        attributes: Rails::HTML5::SafeListSanitizer.allowed_attributes.to_a + table_attrs + %w[data-lexical]
-      )
-    end
-
-    def extract_signed_ids_from_description
-      return [] if description.blank?
-
-      html = description.to_s
-
-      ids = html.scan(%r{/rails/active_storage/blobs/(?:redirect|proxy)/([^/?#]+)}).flatten
-      ids += html.scan(%r{/rails/active_storage/blobs/([^/?#]+)}).flatten
-
-      ids.uniq
-    end
-
     def assign_default_user
       return if user.present?
       if parent_id.present? && parent
@@ -354,12 +108,6 @@ module Collavre
       @progress_service ||= Collavre::Creatives::ProgressService.new(self)
     end
 
-    def redirect_parent_to_origin
-      if parent&.origin_id.present?
-        self.parent = parent.origin
-      end
-    end
-
     def update_mcp_tools
       McpService.new.update_from_creative(self)
     end
@@ -370,41 +118,7 @@ module Collavre
       end
     end
 
-    def description_cannot_change_if_has_origin
-      if origin_id.present? && will_save_change_to_description?
-        errors.add(:description, "cannot be changed directly when linked to an origin")
-      end
-    end
-
-    def origin_cannot_be_self
-      if origin_id.present? && origin_id == id
-        errors.add(:origin_id, "cannot be the same as id")
-      end
-    end
-
-    def rebuild_permission_cache
-      PermissionCacheJob.perform_later(:rebuild_for_creative, creative_id: id)
-    end
-
-    def cache_owner_permission
-      PermissionCacheJob.perform_later(:cache_owner, creative_id: id)
-    end
-
-    def update_owner_cache
-      old_user_id, new_user_id = saved_change_to_user_id
-      PermissionCacheJob.perform_later(:update_owner,
-        creative_id: id,
-        old_user_id: old_user_id,
-        new_user_id: new_user_id
-      )
-    end
-
-    private
-
     def touch_subtree_on_move
-      # When moving a tree, all descendants might have new effective permissions
-      # so we must touch them to invalidate cache.
-      # self is already touched by save.
       descendants.update_all(updated_at: Time.current)
     end
   end

data/app/models/collavre/orchestrator_policy.rb

@@ -38,7 +38,7 @@ module Collavre
     SCOPE_TYPES = %w[Creative Topic User].freeze
 
     # Policy types
-    POLICY_TYPES = %w[matching arbitration scheduling stuck_detection].freeze
+    POLICY_TYPES = %w[matching arbitration scheduling stuck_detection collaboration].freeze
 
     # Arbitration strategies
     ARBITRATION_STRATEGIES = %w[all primary_first round_robin bid].freeze

data/app/models/collavre/system_setting.rb

@@ -28,6 +28,11 @@ module Collavre
     # Default home page path (nil means use root_path "/")
     DEFAULT_HOME_PAGE_PATH = nil
 
+    # Default theme IDs (nil means use built-in light/dark)
+    # These reference UserTheme IDs for admin-configured custom themes
+    DEFAULT_LIGHT_THEME_ID = nil
+    DEFAULT_DARK_THEME_ID = nil
+
     validates :key, presence: true, uniqueness: true
 
     # Clear cache after save
@@ -47,7 +52,7 @@ module Collavre
         lockout_duration_minutes session_timeout_minutes password_min_length
         password_reset_rate_limit password_reset_rate_period_minutes
         api_rate_limit api_rate_period_minutes auth_providers_disabled
-        creatives_login_required home_page_path
+        creatives_login_required home_page_path default_light_theme_id default_dark_theme_id
       ].each { |k| Rails.cache.delete("system_setting:#{k}") }
     end
 
@@ -140,5 +145,26 @@ module Collavre
     def self.api_rate_period
       api_rate_period_minutes.minutes
     end
+
+    # Default theme IDs for users without a personal theme preference
+    def self.default_light_theme_id
+      value = cached_value("default_light_theme_id")
+      value.present? && value.to_i.positive? ? value.to_i : nil
+    end
+
+    def self.default_dark_theme_id
+      value = cached_value("default_dark_theme_id")
+      value.present? && value.to_i.positive? ? value.to_i : nil
+    end
+
+    def self.default_light_theme
+      id = default_light_theme_id
+      id ? Collavre::UserTheme.find_by(id: id) : nil
+    end
+
+    def self.default_dark_theme
+      id = default_dark_theme_id
+      id ? Collavre::UserTheme.find_by(id: id) : nil
+    end
   end
 end

data/app/models/collavre/user.rb

@@ -69,6 +69,48 @@ module Collavre
     attribute :llm_api_key, :string
     attribute :gateway_url, :string
     attribute :tools, :json, default: -> { [] }
+    attribute :agent_conf, :string
+
+    # Default context settings for AI agents
+    AGENT_CONF_DEFAULTS = {
+      "context" => {
+        "chat_history" => 50,
+        "chat_history_size" => 100_000,
+        "creative_children_level" => nil
+      }
+    }.freeze
+
+    # Default creative children level when agent_conf doesn't specify one
+    DEFAULT_CREATIVE_CHILDREN_LEVEL = 6
+
+    # Returns parsed agent_conf merged with defaults
+    def parsed_agent_conf
+      defaults = AGENT_CONF_DEFAULTS.deep_dup
+      return defaults if agent_conf.blank?
+
+      user_conf = YAML.safe_load(agent_conf, permitted_classes: [ Symbol ]) || {}
+      defaults.deep_merge(user_conf)
+    rescue Psych::SyntaxError => e
+      Rails.logger.warn("[User#parsed_agent_conf] Invalid YAML for user #{id}: #{e.message}")
+      AGENT_CONF_DEFAULTS.deep_dup
+    end
+
+    # Convenience accessors for context settings
+    def chat_history_limit
+      parsed_agent_conf.dig("context", "chat_history") || 50
+    end
+
+    def chat_history_size_limit
+      parsed_agent_conf.dig("context", "chat_history_size") || 100_000
+    end
+
+    # Returns the creative children depth level for AI context.
+    # nil in agent_conf means use the default (6).
+    # 0 = no children, 1 = direct children only, 2 = grandchildren, etc.
+    def creative_children_level
+      level = parsed_agent_conf.dig("context", "creative_children_level")
+      level.nil? ? DEFAULT_CREATIVE_CHILDREN_LEVEL : level.to_i
+    end
 
     encrypts :llm_api_key, deterministic: false
     encrypts :google_access_token, deterministic: false

data/app/models/collavre/user_theme.rb

@@ -6,5 +6,15 @@ module Collavre
 
     validates :name, presence: true
     validates :variables, presence: true
+
+    # Returns true if the theme has a dark background (lightness < 50%)
+    def dark?
+      bg = variables["--surface-bg"].to_s
+      return false unless bg.match?(/\A#[0-9a-fA-F]{6}\z/)
+
+      r, g, b = bg[1..2].to_i(16), bg[3..4].to_i(16), bg[5..6].to_i(16)
+      luminance = (0.299 * r + 0.587 * g + 0.114 * b) / 255.0
+      luminance < 0.5
+    end
   end
 end

data/app/services/collavre/ai_agent/approval_handler.rb

@@ -0,0 +1,110 @@
+# frozen_string_literal: true
+
+module Collavre
+  module AiAgent
+    # Handles tool-execution approval flow when an AI agent
+    # invokes a tool that requires human approval.
+    class ApprovalHandler
+      def initialize(task:, agent:, context:, creative: nil, reply_comment: nil)
+        @task = task
+        @agent = agent
+        @context = context
+        @creative = creative
+        @reply_comment = reply_comment
+      end
+
+      def handle(error)
+        cleanup_placeholder
+
+        broadcast_idle
+
+        update_task(error)
+
+        log_action(error)
+
+        create_approval_comment(error)
+      end
+
+      private
+
+      def cleanup_placeholder
+        @reply_comment&.destroy! if @reply_comment&.content == Comment::STREAMING_PLACEHOLDER_CONTENT
+      end
+
+      def broadcast_idle
+        return unless @creative
+
+        CommentsPresenceChannel.broadcast_agent_status(
+          @creative.effective_origin.id,
+          status: "idle",
+          agent_id: @agent.id,
+          agent_name: @agent.display_name,
+          task_id: @task.id,
+          source_creative_id: @creative.id
+        )
+      end
+
+      def update_task(error)
+        @task.update!(
+          status: "pending_approval",
+          pending_tool_call: {
+            tool_name: error.tool_name,
+            tool_call_id: error.tool_call_id,
+            arguments: error.tool_arguments,
+            requested_at: Time.current.iso8601
+          }
+        )
+      end
+
+      def log_action(error)
+        @task.task_actions.create!(
+          action_type: "pending_approval",
+          payload: error.to_h,
+          status: "done"
+        )
+      end
+
+      def create_approval_comment(error)
+        return unless @creative
+
+        approver = @creative.user || User.find_by(id: @context.dig("comment", "user_id"))
+        return unless approver
+
+        action_payload = {
+          action: "execute_tool",
+          tool_name: error.tool_name,
+          arguments: error.tool_arguments,
+          resume: {
+            task_id: @task.id,
+            tool_call_id: error.tool_call_id
+          }
+        }
+
+        args_display = if error.tool_arguments.present?
+                         JSON.pretty_generate(error.tool_arguments)
+        else
+                         I18n.t("collavre.ai_agent.approval.no_arguments")
+        end
+
+        content = I18n.t(
+          "collavre.ai_agent.approval.message",
+          tool_name: error.tool_name,
+          arguments: args_display
+        )
+
+        original_comment = Comment.find_by(id: @context.dig("comment", "id"))
+        topic_id = original_comment&.topic_id
+
+        Comment.create!(
+          creative: @creative,
+          content: content,
+          user: @agent,
+          approver: approver,
+          action: JSON.pretty_generate(action_payload),
+          topic_id: topic_id,
+          private: false
+        )
+      end
+    end
+  end
+end