@nextsparkjs/plugin-ai 0.1.0-beta.49 → 0.1.0-beta.51

package/api/ai-history/[id]/route.ts

@@ -10,6 +10,7 @@
 import { NextRequest, NextResponse } from 'next/server'
 import { auth } from '@nextsparkjs/core/lib/auth'
 import { AIHistoryService } from '@/plugins/ai/lib/ai-history-service'
+import { withRateLimitTier } from '@nextsparkjs/core/lib/api/rate-limit'
 
 interface RouteParams {
   params: Promise<{
@@ -21,10 +22,10 @@ interface RouteParams {
  * PATCH /api/v1/plugin/ai/ai-history/:id
  * Update related entity information for an AI history record
  */
-export async function PATCH(
+const patchHandler = async (
   request: NextRequest,
   { params }: RouteParams
-): Promise<NextResponse> {
+): Promise<NextResponse> => {
   try {
     // Authenticate user
     const session = await auth.api.getSession({
@@ -110,3 +111,5 @@ export async function PATCH(
     )
   }
 }
+
+export const PATCH = withRateLimitTier(patchHandler, 'write')

package/api/embeddings/route.ts

@@ -9,6 +9,7 @@ import { NextRequest, NextResponse } from 'next/server'
 import { validatePlugin, handleAIError } from '../../lib/core-utils'
 import { getServerPluginConfig } from '../../lib/server-env'
 import { authenticateRequest } from '@nextsparkjs/core/lib/api/auth/dual-auth'
+import { withRateLimitTier } from '@nextsparkjs/core/lib/api/rate-limit'
 import { embed } from 'ai'
 import { openai } from '@ai-sdk/openai'
 import { z } from 'zod'
@@ -18,7 +19,7 @@ const EmbeddingRequestSchema = z.object({
   text: z.string().min(1, 'Text cannot be empty').max(50000, 'Text too long')
 })
 
-export async function POST(request: NextRequest) {
+const postHandler = async (request: NextRequest) => {
   try {
     // 1. Authentication
     const authResult = await authenticateRequest(request)
@@ -80,10 +81,12 @@ export async function POST(request: NextRequest) {
   }
 }
 
+export const POST = withRateLimitTier(postHandler, 'write')
+
 /**
  * Get endpoint info
  */
-export async function GET(): Promise<NextResponse> {
+const getHandler = async (): Promise<NextResponse> => {
   return NextResponse.json({
     endpoint: '/api/v1/plugin/ai/embeddings',
     description: 'Generate text embeddings using OpenAI',
@@ -127,3 +130,5 @@ export async function GET(): Promise<NextResponse> {
     }
   })
 }
+
+export const GET = withRateLimitTier(getHandler, 'read')

package/api/generate/route.ts

@@ -9,6 +9,7 @@ import { NextRequest, NextResponse } from 'next/server'
 import { selectModel, calculateCost, validatePlugin, extractTokens, handleAIError } from '../../lib/core-utils'
 import { getServerPluginConfig } from '../../lib/server-env'
 import { authenticateRequest } from '@nextsparkjs/core/lib/api/auth/dual-auth'
+import { withRateLimitTier } from '@nextsparkjs/core/lib/api/rate-limit'
 import { generateText } from 'ai'
 import { saveExampleSafely } from '../../lib/save-example'
 import { z } from 'zod'
@@ -25,7 +26,7 @@ const GenerateRequestSchema = z.object({
   saveExample: z.boolean().optional().default(false)
 })
 
-export async function POST(request: NextRequest) {
+const postHandler = async (request: NextRequest) => {
   try {
     // 1. Authentication
     const authResult = await authenticateRequest(request)
@@ -119,10 +120,12 @@ export async function POST(request: NextRequest) {
   }
 }
 
+export const POST = withRateLimitTier(postHandler, 'write')
+
 /**
  * Get endpoint info
  */
-export async function GET(): Promise<NextResponse> {
+const getHandler = async (): Promise<NextResponse> => {
   const config = await getServerPluginConfig()
 
   return NextResponse.json({
@@ -157,4 +160,6 @@ export async function GET(): Promise<NextResponse> {
       anthropic: 'Add ANTHROPIC_API_KEY to contents/plugins/ai/.env'
     }
   })
-}
+}
+
+export const GET = withRateLimitTier(getHandler, 'read')

package/entities/ai-history/ai-history.config.ts

@@ -57,46 +57,7 @@ export const aiHistoryEntityConfig: EntityConfig = {
   },
 
   // ==========================================
-  // 4. PERMISSIONS SYSTEM
-  // ==========================================
-  permissions: {
-    actions: [
-      {
-        action: 'create',
-        label: 'Create AI history',
-        description: 'Can create AI history entries (typically via API)',
-        roles: ['owner', 'admin', 'member'],
-      },
-      {
-        action: 'read',
-        label: 'View AI history',
-        description: 'Can view AI history entries (users see their own via API filtering)',
-        roles: ['owner', 'admin', 'member'],
-      },
-      {
-        action: 'list',
-        label: 'List AI history',
-        description: 'Can list AI history entries',
-        roles: ['owner', 'admin', 'member'],
-      },
-      {
-        action: 'update',
-        label: 'Edit AI history',
-        description: 'Can modify AI history entries (immutable for most users)',
-        roles: ['owner', 'admin'],
-      },
-      {
-        action: 'delete',
-        label: 'Delete AI history',
-        description: 'Can delete AI history entries (users can delete their own)',
-        roles: ['owner', 'admin', 'member'],
-        dangerous: true,
-      },
-    ],
-  },
-
-  // ==========================================
-  // 5. INTERNATIONALIZATION
+  // 4. INTERNATIONALIZATION
   // ==========================================
   i18n: {
     fallbackLocale: 'en',

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nextsparkjs/plugin-ai",
-  "version": "0.1.0-beta.49",
+  "version": "0.1.0-beta.51",
   "private": false,
   "main": "./plugin.config.ts",
   "requiredPlugins": [],
@@ -18,7 +18,7 @@
     "react": "^19.0.0",
     "react-dom": "^19.0.0",
     "zod": "^4.0.0",
-    "@nextsparkjs/core": "0.1.0-beta.49"
+    "@nextsparkjs/core": "0.1.0-beta.51"
   },
   "nextspark": {
     "type": "plugin",