@intranefr/superbackend 1.5.2 → 1.6.3

package/src/models/Agent.js

@@ -0,0 +1,105 @@
+const mongoose = require('mongoose');
+
+const agentSchema = new mongoose.Schema({
+  name: {
+    type: String,
+    required: true,
+    trim: true
+  },
+  systemPrompt: {
+    type: String,
+    default: `You are a helpful assistant with access to specific tools for querying data.
+
+AVAILABLE TOOLS:
+
+1. query_database: Query the MongoDB database for insights.
+   - Parameters:
+     - modelName (required): The name of the Mongoose model (e.g., User, Markdown, AuditEvent)
+     - query (required): The MongoDB query object
+     - limit (optional): Limit the number of results (default: 5)
+   - Usage: Use this when you need to fetch specific data from the database.
+
+2. get_system_stats: Get general statistics about the system.
+   - Parameters: None
+   - Usage: Use this when you need overall counts of users, markdowns, and other system entities.
+
+3. raw_db_query: Execute raw MongoDB queries for database exploration.
+   - Parameters:
+     - queryType (required): The type of raw query to execute
+       • listDatabases: List all databases (requires admin access)
+       • listCollections: List all collections in a database
+       • countDocuments: Count documents in a collection
+       • findOne: Find a single document in a collection
+       • aggregate: Run aggregation pipeline
+       • adminCommand: Execute admin commands
+     - database (optional): Database name (defaults to current database)
+     - collection (required for collection queries): Collection name
+     - filter (optional): MongoDB filter/query object. Can be:
+       • A JSON object: { createdAt: { $gte: new Date() } }
+       • A JSON string: '{"createdAt": {"$gte": {"$date": "2024-01-01"}}}'
+       • For aggregate: an array of pipeline stages as object or JSON string
+     - limit (optional): Limit results (default: 10)
+     - adminCommand (optional): Admin command for adminCommand queryType (as object or JSON string)
+   - Usage: Use this to discover collection names, databases, or run admin commands.
+   - IMPORTANT: For complex queries, use JSON string format to avoid parsing issues
+
+IMPORTANT ERROR HANDLING INSTRUCTIONS:
+- When a tool returns an error, it will be in structured JSON format with error details
+- ALWAYS provide a friendly, conversational response to the user about tool errors
+- NEVER show raw error JSON to users
+- DO: "I had trouble accessing the database. Let me try a different approach..."
+- DO NOT: Show the actual error JSON to users
+- Extract the error message and provide helpful suggestions based on the error context
+- If an error is not recoverable, explain why and suggest alternatives
+- If an error is recoverable, explain what you'll try next
+- Use the error suggestions provided in the tool response to inform your response
+
+INSTRUCTIONS:
+- Always use tools when you need actual data from the database
+- Never make up data or statistics
+- For database queries, use exact model names as they appear in the system
+- When using query_database, construct appropriate MongoDB query objects based on the user's request
+- If you don't have enough information for a query, ask clarifying questions
+- Use get_system_stats for high-level overview requests
+- Use raw_db_query for:
+  * Discovering what collections exist: queryType: "listCollections"
+  * Finding database names: queryType: "listDatabases" (may require admin)
+  * Counting documents: queryType: "countDocuments" with collection and filter
+  * Exploring collection structure: queryType: "findOne" or "aggregate"
+- For specific records, use query_database with appropriate filters
+
+Respond helpfully and only use the tools when necessary for accurate information. Always provide friendly error messages to users when tools fail.`
+  },
+  providerKey: {
+    type: String,
+    required: true
+  },
+  model: {
+    type: String,
+    required: true
+  },
+  tools: {
+    type: [String],
+    default: []
+  },
+  temperature: {
+    type: Number,
+    default: 0.7
+  },
+  maxIterations: {
+    type: Number,
+    default: 10
+  },
+  orgId: {
+    type: mongoose.Schema.Types.ObjectId,
+    ref: 'Organization'
+  },
+  ownerUserId: {
+    type: mongoose.Schema.Types.ObjectId,
+    ref: 'User'
+  }
+}, {
+  timestamps: true
+});
+
+module.exports = mongoose.model('Agent', agentSchema);

package/src/models/AgentMessage.js

@@ -0,0 +1,82 @@
+const mongoose = require('mongoose');
+const { ObjectId } = mongoose.Schema.Types;
+
+const agentMessageSchema = new mongoose.Schema({
+  agentId: {
+    type: ObjectId,
+    ref: 'Agent',
+    required: true,
+    index: true
+  },
+  chatId: {
+    type: String,
+    required: true,
+    index: true
+  },
+  role: {
+    type: String,
+    enum: ['user', 'assistant', 'system', 'tool'],
+    required: true
+  },
+  content: {
+    type: String,
+    required: function() {
+      // Content is not required if:
+      // 1. Role is 'tool' (content might be in metadata or implied) - though usually tool has content
+      // 2. Role is 'assistant' AND it has toolCalls (OpenAI often returns null content with tool calls)
+      if (this.role === 'tool') return false;
+      if (this.role === 'assistant' && this.toolCalls && this.toolCalls.length > 0) return false;
+      return true;
+    }
+  },
+  toolCalls: [{
+    name: String,
+    arguments: mongoose.Schema.Types.Mixed,
+    toolCallId: String
+  }],
+  toolCallId: {
+    type: String,
+    index: true
+  },
+  metadata: {
+    tokens: Number,
+    processingTime: Number,
+    model: String,
+    provider: String,
+    timestamp: Date,
+    temperature: Number
+  },
+  createdAt: {
+    type: Date,
+    default: Date.now,
+    index: true
+  },
+  updatedAt: {
+    type: Date,
+    default: Date.now
+  }
+}, {
+  timestamps: true,
+  toJSON: { virtuals: true },
+  toObject: { virtuals: true }
+});
+
+// Compound index for efficient session history retrieval
+agentMessageSchema.index(
+  { agentId: 1, chatId: 1, createdAt: 1 },
+  { name: 'session_history_idx' }
+);
+
+// Index for tool call lookup
+agentMessageSchema.index(
+  { toolCallId: 1 },
+  { name: 'tool_call_idx' }
+);
+
+// Index for searching content
+agentMessageSchema.index(
+  { content: 'text' },
+  { name: 'content_search_idx' }
+);
+
+module.exports = mongoose.model('AgentMessage', agentMessageSchema);

package/src/models/GlobalSetting.js

@@ -8,7 +8,17 @@ const globalSettingSchema = new mongoose.Schema({
   },
   value: {
     type: String,
-    required: true
+    default: '',
+    validate: {
+      validator: function(v) {
+        // Only encrypted values cannot be empty
+        if (this.type === 'encrypted') {
+          return v && v.trim().length > 0;
+        }
+        return true; // Allow any value (including empty) for other types
+      },
+      message: 'Encrypted values cannot be empty'
+    }
   },
   type: {
     type: String,

package/src/models/Markdown.js

@@ -0,0 +1,75 @@
+const mongoose = require('mongoose');
+
+const markdownSchema = new mongoose.Schema(
+  {
+    title: {
+      type: String,
+      required: true,
+      trim: true,
+    },
+    slug: {
+      type: String,
+      required: true,
+      index: true,
+      trim: true,
+    },
+    category: {
+      type: String,
+      required: true,
+      index: true,
+      trim: true,
+      default: 'general',
+    },
+    group_code: {
+      type: String,
+      required: false,
+      index: true,
+      trim: true,
+      default: '',
+    },
+    markdownRaw: {
+      type: String,
+      required: true,
+      default: '',
+    },
+    publicEnabled: {
+      type: Boolean,
+      default: false,
+      index: true,
+    },
+    cacheTtlSeconds: {
+      type: Number,
+      default: 0,
+    },
+    status: {
+      type: String,
+      enum: ['draft', 'published', 'archived'],
+      default: 'draft',
+      index: true,
+    },
+    ownerUserId: {
+      type: mongoose.Schema.Types.ObjectId,
+      ref: 'User',
+      index: true,
+      default: null,
+    },
+    orgId: {
+      type: mongoose.Schema.Types.ObjectId,
+      ref: 'Organization',
+      index: true,
+      default: null,
+    },
+  },
+  { timestamps: true },
+);
+
+// Compound unique index for fast lookups
+markdownSchema.index({ category: 1, group_code: 1, slug: 1 }, { unique: true });
+
+// Additional indexes for common queries
+markdownSchema.index({ status: 1, publicEnabled: 1 });
+markdownSchema.index({ category: 1, status: 1 });
+markdownSchema.index({ ownerUserId: 1, createdAt: -1 });
+markdownSchema.index({ orgId: 1, createdAt: -1 });
+
+module.exports = mongoose.model('Markdown', markdownSchema);

package/src/models/ScriptRun.js

@@ -14,6 +14,14 @@ const scriptRunSchema = new mongoose.Schema(
     finishedAt: { type: Date, default: null },
     exitCode: { type: Number, default: null },
     outputTail: { type: String, default: '' },
+    fullOutput: { type: String, default: '' },
+    programmaticOutput: { type: String, default: '' },
+    returnResult: { type: String, default: '' },
+    lastConsoleLog: { type: String, default: '' },
+    outputType: { type: String, enum: ['return', 'console', 'none'], default: 'none' },
+    outputSize: { type: Number, default: 0 },
+    lineCount: { type: Number, default: 0 },
+    lastOutputUpdate: { type: Date, default: null },
     meta: { type: mongoose.Schema.Types.Mixed, default: null },
   },
   { timestamps: true, collection: 'script_runs' },

package/src/models/TelegramBot.js

@@ -0,0 +1,42 @@
+const mongoose = require('mongoose');
+
+const telegramBotSchema = new mongoose.Schema({
+  name: {
+    type: String,
+    required: true,
+    trim: true
+  },
+  token: {
+    type: String,
+    required: true,
+    trim: true
+  },
+  isActive: {
+    type: Boolean,
+    default: false
+  },
+  allowedUserIds: {
+    type: [String],
+    default: []
+  },
+  defaultAgentId: {
+    type: mongoose.Schema.Types.ObjectId,
+    ref: 'Agent'
+  },
+  orgId: {
+    type: mongoose.Schema.Types.ObjectId,
+    ref: 'Organization'
+  },
+  status: {
+    type: String,
+    enum: ['stopped', 'running', 'error'],
+    default: 'stopped'
+  },
+  lastError: {
+    type: String
+  }
+}, {
+  timestamps: true
+});
+
+module.exports = mongoose.model('TelegramBot', telegramBotSchema);

package/src/models/UiComponent.js

@@ -20,6 +20,8 @@ const uiComponentSchema = new mongoose.Schema(
     api: { type: mongoose.Schema.Types.Mixed, default: null },
     usageMarkdown: { type: String, default: '' },
 
+    previewExample: { type: String, default: null },
+
     version: { type: Number, default: 1 },
     isActive: { type: Boolean, default: true, index: true },
   },

package/src/models/User.js

@@ -56,7 +56,7 @@ const userSchema = new mongoose.Schema({
   },
   role: {
     type: String,
-    enum: ['user', 'admin'],
+    enum: ['user', 'admin', 'superadmin', 'limited-admin', 'content-manager', 'developer'],
     default: 'user'
   }
 }, {

package/src/routes/admin.routes.js

@@ -1,10 +1,10 @@
 const express = require('express');
 const router = express.Router();
 const adminController = require('../controllers/admin.controller');
-const { basicAuth } = require('../middleware/auth');
+const { adminSessionAuth } = require('../middleware/auth');
 
-// All admin routes protected by basic auth
-router.use(basicAuth);
+// All admin routes protected by session auth
+router.use(adminSessionAuth);
 
 router.get('/users', adminController.getUsers);
 router.post('/users/register', adminController.registerUser);

package/src/routes/adminAgents.routes.js

@@ -0,0 +1,13 @@
+const express = require('express');
+const router = express.Router();
+const adminAgentsController = require('../controllers/adminAgents.controller');
+const { adminSessionAuth } = require('../middleware/auth');
+
+router.use(adminSessionAuth);
+
+router.get('/', adminAgentsController.listAgents);
+router.post('/', adminAgentsController.createAgent);
+router.put('/:id', adminAgentsController.updateAgent);
+router.delete('/:id', adminAgentsController.deleteAgent);
+
+module.exports = router;

package/src/routes/adminAssets.routes.js

@@ -1,7 +1,7 @@
 const express = require('express');
 const router = express.Router();
 const multer = require('multer');
-const { basicAuth } = require('../middleware/auth');
+const { adminSessionAuth } = require('../middleware/auth');
 const adminAssetsController = require('../controllers/adminAssets.controller');
 const { auditMiddleware } = require('../services/auditLogger');
 
@@ -14,15 +14,15 @@ const upload = multer({
   }
 });
 
-router.get('/info', basicAuth, adminAssetsController.getStorageInfo);
-router.use('/storage', basicAuth, adminAssetsStorageRoutes);
-router.get('/', basicAuth, adminAssetsController.list);
-router.get('/:id', basicAuth, adminAssetsController.get);
-router.post('/bulk/move-namespace', basicAuth, auditMiddleware('admin.assets.bulk.moveNamespace', { entityType: 'Asset' }), adminAssetsController.bulkMoveNamespace);
-router.post('/bulk/set-tags', basicAuth, auditMiddleware('admin.assets.bulk.setTags', { entityType: 'Asset' }), adminAssetsController.bulkSetTags);
-router.post('/upload', basicAuth, upload.single('file'), adminAssetsController.upload);
-router.post('/:id/replace', basicAuth, upload.single('file'), adminAssetsController.replace);
-router.patch('/:id', basicAuth, adminAssetsController.update);
-router.delete('/:id', basicAuth, adminAssetsController.delete);
+router.get('/info', adminSessionAuth, adminAssetsController.getStorageInfo);
+router.use('/storage', adminSessionAuth, adminAssetsStorageRoutes);
+router.get('/', adminSessionAuth, adminAssetsController.list);
+router.get('/:id', adminSessionAuth, adminAssetsController.get);
+router.post('/bulk/move-namespace', adminSessionAuth, auditMiddleware('admin.assets.bulk.moveNamespace', { entityType: 'Asset' }), adminAssetsController.bulkMoveNamespace);
+router.post('/bulk/set-tags', adminSessionAuth, auditMiddleware('admin.assets.bulk.setTags', { entityType: 'Asset' }), adminAssetsController.bulkSetTags);
+router.post('/upload', adminSessionAuth, upload.single('file'), adminAssetsController.upload);
+router.post('/:id/replace', adminSessionAuth, upload.single('file'), adminAssetsController.replace);
+router.patch('/:id', adminSessionAuth, adminAssetsController.update);
+router.delete('/:id', adminSessionAuth, adminAssetsController.delete);
 
 module.exports = router;

package/src/routes/adminBlog.routes.js

@@ -1,10 +1,10 @@
 const express = require('express');
 const router = express.Router();
 
-const { basicAuth } = require('../middleware/auth');
+const { adminSessionAuth } = require('../middleware/auth');
 const controller = require('../controllers/blogAdmin.controller');
 
-router.use(basicAuth);
+router.use(adminSessionAuth);
 router.use(express.json({ limit: '2mb' }));
 
 router.get('/blog-posts', controller.list);

package/src/routes/adminBlogAi.routes.js

@@ -1,11 +1,11 @@
 const express = require('express');
 const router = express.Router();
 
-const { basicAuth } = require('../middleware/auth');
+const { adminSessionAuth } = require('../middleware/auth');
 const controller = require('../controllers/blogAiAdmin.controller');
 const rateLimiter = require('../services/rateLimiter.service');
 
-router.use(basicAuth);
+router.use(adminSessionAuth);
 router.use(express.json({ limit: '2mb' }));
 
 router.post('/blog-ai/generate-field', rateLimiter.limit('blogAiLimiter'), controller.generateField);

package/src/routes/adminBlogAutomation.routes.js

@@ -1,11 +1,11 @@
 const express = require('express');
 const router = express.Router();
 
-const { basicAuth } = require('../middleware/auth');
+const { adminSessionAuth } = require('../middleware/auth');
 const controller = require('../controllers/blogAutomationAdmin.controller');
 const rateLimiter = require('../services/rateLimiter.service');
 
-router.use(basicAuth);
+router.use(adminSessionAuth);
 router.use(express.json({ limit: '2mb' }));
 
 router.get('/blog-automation/config', controller.getConfig);

package/src/routes/adminCache.routes.js

@@ -1,10 +1,10 @@
 const express = require('express');
 const router = express.Router();
 
-const { basicAuth } = require('../middleware/auth');
+const { adminSessionAuth } = require('../middleware/auth');
 const controller = require('../controllers/adminCache.controller');
 
-router.use(basicAuth);
+router.use(adminSessionAuth);
 
 router.get('/config', controller.getConfig);
 router.put('/config', controller.updateConfig);

package/src/routes/adminConsoleManager.routes.js

@@ -1,7 +1,7 @@
 const express = require('express');
 const router = express.Router();
 
-const { basicAuth } = require('../middleware/auth');
+const { adminSessionAuth } = require('../middleware/auth');
 const ConsoleEntry = require('../models/ConsoleEntry');
 const ConsoleLog = require('../models/ConsoleLog');
 const GlobalSetting = require('../models/GlobalSetting');
@@ -21,7 +21,7 @@ function toInt(val, fallback) {
   return Number.isFinite(n) ? n : fallback;
 }
 
-router.use(basicAuth);
+router.use(adminSessionAuth);
 
 router.get('/config', async (req, res) => {
   try {

package/src/routes/adminCrons.routes.js

@@ -1,10 +1,10 @@
 const express = require('express');
 const router = express.Router();
 
-const { basicAuth } = require('../middleware/auth');
+const { adminSessionAuth } = require('../middleware/auth');
 const controller = require('../controllers/adminCrons.controller');
 
-router.use(basicAuth);
+router.use(adminSessionAuth);
 
 router.get('/', controller.listCronJobs);
 router.post('/', controller.createCronJob);

package/src/routes/adminDataCleanup.routes.js

@@ -0,0 +1,26 @@
+const express = require('express');
+const router = express.Router();
+
+const { adminSessionAuth } = require('../middleware/auth');
+const { auditMiddleware } = require('../services/auditLogger');
+const controller = require('../controllers/adminDataCleanup.controller');
+
+router.use(adminSessionAuth);
+
+router.get('/overview', controller.getOverview);
+
+router.post(
+  '/dry-run',
+  auditMiddleware('admin.data_cleanup.dry_run', { entityType: 'DataCleanup' }),
+  controller.dryRun,
+);
+
+router.post(
+  '/execute',
+  auditMiddleware('admin.data_cleanup.execute', { entityType: 'DataCleanup' }),
+  controller.execute,
+);
+
+router.get('/infer-fields', controller.inferFields);
+
+module.exports = router;

package/src/routes/adminDbBrowser.routes.js

@@ -1,11 +1,11 @@
 const express = require('express');
 const router = express.Router();
 
-const { basicAuth } = require('../middleware/auth');
+const { adminSessionAuth } = require('../middleware/auth');
 const { auditMiddleware } = require('../services/auditLogger');
 const controller = require('../controllers/adminDbBrowser.controller');
 
-router.use(basicAuth);
+router.use(adminSessionAuth);
 
 // Connection profiles
 router.get('/connections', controller.listConnections);

package/src/routes/adminEjsVirtual.routes.js

@@ -1,10 +1,10 @@
 const express = require('express');
 const router = express.Router();
-const { basicAuth } = require('../middleware/auth');
+const { adminSessionAuth } = require('../middleware/auth');
 const controller = require('../controllers/adminEjsVirtual.controller');
 const rateLimiter = require('../services/rateLimiter.service');
 
-router.use(basicAuth);
+router.use(adminSessionAuth);
 
 router.get('/files', controller.list);
 router.get('/file', controller.getFile);

package/src/routes/adminFeatureFlags.routes.js

@@ -1,12 +1,12 @@
 const express = require('express');
 const router = express.Router();
-const { basicAuth } = require('../middleware/auth');
+const { adminSessionAuth } = require('../middleware/auth');
 const adminFeatureFlagsController = require('../controllers/adminFeatureFlags.controller');
 
-router.get('/', basicAuth, adminFeatureFlagsController.listFlags);
-router.get('/:key', basicAuth, adminFeatureFlagsController.getFlag);
-router.post('/', basicAuth, adminFeatureFlagsController.createFlag);
-router.put('/:key', basicAuth, adminFeatureFlagsController.updateFlag);
-router.delete('/:key', basicAuth, adminFeatureFlagsController.deleteFlag);
+router.get('/', adminSessionAuth, adminFeatureFlagsController.listFlags);
+router.get('/:key', adminSessionAuth, adminFeatureFlagsController.getFlag);
+router.post('/', adminSessionAuth, adminFeatureFlagsController.createFlag);
+router.put('/:key', adminSessionAuth, adminFeatureFlagsController.updateFlag);
+router.delete('/:key', adminSessionAuth, adminFeatureFlagsController.deleteFlag);
 
 module.exports = router;

package/src/routes/adminHeadless.routes.js

@@ -1,11 +1,11 @@
 const express = require('express');
 const router = express.Router();
 
-const { basicAuth } = require('../middleware/auth');
+const { adminSessionAuth } = require('../middleware/auth');
 const adminHeadlessController = require('../controllers/adminHeadless.controller');
 const rateLimiter = require('../services/rateLimiter.service');
 
-router.use(basicAuth);
+router.use(adminSessionAuth);
 
 // Models
 router.get('/models', adminHeadlessController.listModels);

package/src/routes/adminHealthChecks.routes.js

@@ -1,10 +1,10 @@
 const express = require('express');
 const router = express.Router();
 
-const { basicAuth } = require('../middleware/auth');
+const { adminSessionAuth } = require('../middleware/auth');
 const controller = require('../controllers/adminHealthChecks.controller');
 
-router.use(basicAuth);
+router.use(adminSessionAuth);
 
 router.get('/config', controller.getConfig);
 router.put('/config', controller.updateConfig);

package/src/routes/adminI18n.routes.js

@@ -1,11 +1,11 @@
 const express = require('express');
 const router = express.Router();
-const { basicAuth } = require('../middleware/auth');
+const { adminSessionAuth } = require('../middleware/auth');
 
 const adminI18nController = require('../controllers/adminI18n.controller');
 const rateLimiter = require('../services/rateLimiter.service');
 
-router.use(basicAuth);
+router.use(adminSessionAuth);
 
 router.get('/locales', adminI18nController.listLocales);
 router.post('/locales', adminI18nController.createLocale);

package/src/routes/adminJsonConfigs.routes.js

@@ -1,15 +1,15 @@
 const express = require('express');
 const router = express.Router();
-const { basicAuth } = require('../middleware/auth');
+const { adminSessionAuth } = require('../middleware/auth');
 
 const adminJsonConfigsController = require('../controllers/adminJsonConfigs.controller');
 
-router.get('/', basicAuth, adminJsonConfigsController.list);
-router.get('/:id', basicAuth, adminJsonConfigsController.get);
-router.post('/', basicAuth, adminJsonConfigsController.create);
-router.put('/:id', basicAuth, adminJsonConfigsController.update);
-router.post('/:id/regenerate-slug', basicAuth, adminJsonConfigsController.regenerateSlug);
-router.post('/:id/clear-cache', basicAuth, adminJsonConfigsController.clearCache);
-router.delete('/:id', basicAuth, adminJsonConfigsController.remove);
+router.get('/', adminSessionAuth, adminJsonConfigsController.list);
+router.get('/:id', adminSessionAuth, adminJsonConfigsController.get);
+router.post('/', adminSessionAuth, adminJsonConfigsController.create);
+router.put('/:id', adminSessionAuth, adminJsonConfigsController.update);
+router.post('/:id/regenerate-slug', adminSessionAuth, adminJsonConfigsController.regenerateSlug);
+router.post('/:id/clear-cache', adminSessionAuth, adminJsonConfigsController.clearCache);
+router.delete('/:id', adminSessionAuth, adminJsonConfigsController.remove);
 
 module.exports = router;