npm - @open-mercato/ai-assistant - Versions diffs - 0.6.1-develop.3246.1.dbef9d7392 → 0.6.1-develop.3256.1.fe3dec2464 - Mend

@open-mercato/ai-assistant 0.6.1-develop.3246.1.dbef9d7392 → 0.6.1-develop.3256.1.fe3dec2464

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (133) hide show

package/src/modules/ai_assistant/lib/__tests__/agent-runtime-phase4a.test.ts ADDED Viewed

@@ -0,0 +1,396 @@
+/**
+ * Phase 4a unit tests — per-turn tenant override hydration in agent-runtime.
+ *
+ * Verifies that `resolveRuntimeModelOverride` is called once per turn (both
+ * `runAiAgentText` and `runAiAgentObject`), that its return value is threaded
+ * into `createModelFactory.resolveModel`, and that a repository failure falls
+ * open (warn + fall through) without failing the chat turn.
+ */
+import type { AiAgentDefinition } from '../ai-agent-definition'
+const streamTextMock = jest.fn()
+const convertToModelMessagesMock = jest.fn((messages: unknown) => messages)
+const generateObjectMock = jest.fn()
+const stepCountIsMock = jest.fn((count: number) => ({ __stopWhen: 'stepCount', count }))
+jest.mock('ai', () => {
+  const actual = jest.requireActual('ai')
+  return {
+    ...actual,
+    streamText: (...args: unknown[]) => streamTextMock(...args),
+    generateObject: (...args: unknown[]) => generateObjectMock(...args),
+    stepCountIs: (...args: unknown[]) => stepCountIsMock(...(args as [number])),
+    convertToModelMessages: (...args: unknown[]) => convertToModelMessagesMock(...args),
+  }
+})
+const createModelMock = jest.fn(
+  (options: { modelId: string }) => ({ id: options.modelId }),
+)
+const resolveApiKeyMock = jest.fn(() => 'test-api-key')
+jest.mock('@open-mercato/shared/lib/ai/llm-provider-registry', () => ({
+  llmProviderRegistry: {
+    resolveFirstConfigured: (options?: { order?: readonly string[] }) => {
+      const order = options?.order
+      if (order && order.includes('tenant-provider')) {
+        return {
+          id: 'tenant-provider',
+          defaultModel: 'tenant-default-model',
+          resolveApiKey: resolveApiKeyMock,
+          createModel: createModelMock,
+          isConfigured: () => true,
+        }
+      }
+      return {
+        id: 'test-provider',
+        defaultModel: 'provider-default-model',
+        resolveApiKey: resolveApiKeyMock,
+        createModel: createModelMock,
+        isConfigured: () => true,
+      }
+    },
+    get: (id: string) => {
+      if (id === 'tenant-provider') {
+        return {
+          id: 'tenant-provider',
+          defaultModel: 'tenant-default-model',
+          resolveApiKey: resolveApiKeyMock,
+          createModel: createModelMock,
+          isConfigured: () => true,
+        }
+      }
+      return null
+    },
+    list: () => [],
+  },
+}))
+const getDefaultMock = jest.fn()
+jest.mock(
+  '../../data/repositories/AiAgentRuntimeOverrideRepository',
+  () => {
+    return {
+      AiAgentRuntimeOverrideRepository: jest.fn().mockImplementation(() => ({
+        getDefault: getDefaultMock,
+      })),
+    }
+  },
+)
+import { z } from 'zod'
+import { resetAgentRegistryForTests, seedAgentRegistryForTests } from '../agent-registry'
+import { toolRegistry } from '../tool-registry'
+import { runAiAgentText, runAiAgentObject } from '../agent-runtime'
+function makeAgent(
+  overrides: Partial<AiAgentDefinition> & Pick<AiAgentDefinition, 'id' | 'moduleId'>,
+): AiAgentDefinition {
+  return {
+    label: `${overrides.id} label`,
+    description: `${overrides.id} description`,
+    systemPrompt: 'System prompt base.',
+    allowedTools: [],
+    ...overrides,
+  }
+}
+const baseAuth = {
+  tenantId: 'tenant-1',
+  organizationId: 'org-1',
+  userId: 'user-1',
+  features: ['*'],
+  isSuperAdmin: true,
+}
+const baseMessages = [{ role: 'user' as const, id: 'm1', parts: [{ type: 'text' as const, text: 'hi' }] }]
+function fakeStreamResult() {
+  return {
+    toUIMessageStreamResponse: jest.fn(
+      () => new Response('streamed', { status: 200, headers: { 'Content-Type': 'text/event-stream' } }),
+    ),
+  }
+}
+function makeFakeEm() {
+  return {
+    findOne: jest.fn(),
+    fork: jest.fn(),
+  }
+}
+function makeContainer(em: ReturnType<typeof makeFakeEm>) {
+  return {
+    resolve: jest.fn((key: string) => {
+      if (key === 'em') return em
+      throw new Error(`Unknown DI key: ${key}`)
+    }),
+  }
+}
+describe('Phase 4a — runtime model override hydration in agent-runtime', () => {
+  let warnSpy: jest.SpyInstance
+  beforeEach(() => {
+    jest.clearAllMocks()
+    resetAgentRegistryForTests()
+    toolRegistry.clear()
+    streamTextMock.mockImplementation(() => fakeStreamResult())
+    generateObjectMock.mockResolvedValue({ object: { result: 'ok' }, finishReason: 'stop', usage: {} })
+    warnSpy = jest.spyOn(console, 'warn').mockImplementation(() => {})
+  })
+  afterEach(() => {
+    warnSpy.mockRestore()
+  })
+  afterAll(() => {
+    resetAgentRegistryForTests()
+    toolRegistry.clear()
+  })
+  describe('runAiAgentText', () => {
+    it('calls getDefault exactly once per turn with agentId + tenantId + organizationId', async () => {
+      getDefaultMock.mockResolvedValue(null)
+      seedAgentRegistryForTests([
+        makeAgent({ id: 'customers.assistant', moduleId: 'customers' }),
+      ])
+      const fakeEm = makeFakeEm()
+      const container = makeContainer(fakeEm)
+      await runAiAgentText({
+        agentId: 'customers.assistant',
+        messages: baseMessages as never,
+        authContext: baseAuth,
+        container: container as never,
+      })
+      expect(getDefaultMock).toHaveBeenCalledTimes(1)
+      expect(getDefaultMock).toHaveBeenCalledWith({
+        tenantId: 'tenant-1',
+        organizationId: 'org-1',
+        agentId: 'customers.assistant',
+      })
+    })
+    it('uses model from tenantOverride row when the repo returns one', async () => {
+      getDefaultMock.mockResolvedValue({
+        providerId: 'tenant-provider',
+        modelId: 'tenant-model-from-db',
+        baseUrl: null,
+      })
+      seedAgentRegistryForTests([
+        makeAgent({ id: 'customers.assistant', moduleId: 'customers' }),
+      ])
+      const container = makeContainer(makeFakeEm())
+      await runAiAgentText({
+        agentId: 'customers.assistant',
+        messages: baseMessages as never,
+        authContext: baseAuth,
+        container: container as never,
+      })
+      expect(createModelMock).toHaveBeenCalledWith(
+        expect.objectContaining({ modelId: 'tenant-model-from-db' }),
+      )
+    })
+    it('forwards requestOverride from input through to model factory', async () => {
+      getDefaultMock.mockResolvedValue(null)
+      seedAgentRegistryForTests([
+        makeAgent({ id: 'customers.assistant', moduleId: 'customers' }),
+      ])
+      const container = makeContainer(makeFakeEm())
+      await runAiAgentText({
+        agentId: 'customers.assistant',
+        messages: baseMessages as never,
+        authContext: baseAuth,
+        container: container as never,
+        requestOverride: { providerId: null, modelId: 'request-override-model', baseURL: null },
+      })
+      expect(createModelMock).toHaveBeenCalledWith(
+        expect.objectContaining({ modelId: 'request-override-model' }),
+      )
+    })
+    it('requestOverride wins over tenantOverride when both are present', async () => {
+      getDefaultMock.mockResolvedValue({
+        providerId: null,
+        modelId: 'tenant-model',
+        baseUrl: null,
+      })
+      seedAgentRegistryForTests([
+        makeAgent({ id: 'customers.assistant', moduleId: 'customers' }),
+      ])
+      const container = makeContainer(makeFakeEm())
+      await runAiAgentText({
+        agentId: 'customers.assistant',
+        messages: baseMessages as never,
+        authContext: baseAuth,
+        container: container as never,
+        requestOverride: { providerId: null, modelId: 'request-wins-model', baseURL: null },
+      })
+      expect(createModelMock).toHaveBeenCalledWith(
+        expect.objectContaining({ modelId: 'request-wins-model' }),
+      )
+    })
+    it('falls open when the repo throws — warns and continues without override', async () => {
+      getDefaultMock.mockRejectedValue(new Error('DB connection failed'))
+      seedAgentRegistryForTests([
+        makeAgent({ id: 'customers.assistant', moduleId: 'customers', defaultModel: 'agent-default' }),
+      ])
+      const container = makeContainer(makeFakeEm())
+      const response = await runAiAgentText({
+        agentId: 'customers.assistant',
+        messages: baseMessages as never,
+        authContext: baseAuth,
+        container: container as never,
+      })
+      expect(response).toBeInstanceOf(Response)
+      expect(warnSpy).toHaveBeenCalledWith(
+        expect.stringContaining('Runtime model override lookup failed'),
+        expect.anything(),
+      )
+      expect(createModelMock).toHaveBeenCalledWith(
+        expect.objectContaining({ modelId: 'agent-default' }),
+      )
+    })
+    it('skips getDefault when no container is provided', async () => {
+      seedAgentRegistryForTests([
+        makeAgent({ id: 'customers.assistant', moduleId: 'customers' }),
+      ])
+      await runAiAgentText({
+        agentId: 'customers.assistant',
+        messages: baseMessages as never,
+        authContext: baseAuth,
+      })
+      expect(getDefaultMock).not.toHaveBeenCalled()
+    })
+    it('suppresses both overrides when allowRuntimeModelOverride is false', async () => {
+      getDefaultMock.mockResolvedValue({
+        providerId: null,
+        modelId: 'tenant-model-should-be-suppressed',
+        baseUrl: null,
+      })
+      seedAgentRegistryForTests([
+        makeAgent({
+          id: 'customers.assistant',
+          moduleId: 'customers',
+          defaultModel: 'pinned-agent-model',
+          allowRuntimeModelOverride: false,
+        }),
+      ])
+      const container = makeContainer(makeFakeEm())
+      await runAiAgentText({
+        agentId: 'customers.assistant',
+        messages: baseMessages as never,
+        authContext: baseAuth,
+        container: container as never,
+        requestOverride: { providerId: null, modelId: 'request-model-should-be-suppressed', baseURL: null },
+      })
+      // tenantOverride and requestOverride are both skipped; agent default wins
+      expect(createModelMock).toHaveBeenCalledWith(
+        expect.objectContaining({ modelId: 'pinned-agent-model' }),
+      )
+    })
+  })
+  describe('runAiAgentObject', () => {
+    const objectSchema = z.object({ result: z.string() })
+    it('calls getDefault exactly once per turn', async () => {
+      getDefaultMock.mockResolvedValue(null)
+      seedAgentRegistryForTests([
+        makeAgent({ id: 'catalog.extractor', moduleId: 'catalog', executionMode: 'object' }),
+      ])
+      const container = makeContainer(makeFakeEm())
+      await runAiAgentObject({
+        agentId: 'catalog.extractor',
+        input: 'extract data',
+        authContext: baseAuth,
+        container: container as never,
+        output: { schemaName: 'ExtractionResult', schema: objectSchema },
+      })
+      expect(getDefaultMock).toHaveBeenCalledTimes(1)
+      expect(getDefaultMock).toHaveBeenCalledWith({
+        tenantId: 'tenant-1',
+        organizationId: 'org-1',
+        agentId: 'catalog.extractor',
+      })
+    })
+    it('forwards requestOverride to model factory in object mode', async () => {
+      getDefaultMock.mockResolvedValue(null)
+      seedAgentRegistryForTests([
+        makeAgent({ id: 'catalog.extractor', moduleId: 'catalog', executionMode: 'object' }),
+      ])
+      const container = makeContainer(makeFakeEm())
+      await runAiAgentObject({
+        agentId: 'catalog.extractor',
+        input: 'extract data',
+        authContext: baseAuth,
+        container: container as never,
+        output: { schemaName: 'ExtractionResult', schema: objectSchema },
+        requestOverride: { providerId: null, modelId: 'object-request-model', baseURL: null },
+      })
+      expect(createModelMock).toHaveBeenCalledWith(
+        expect.objectContaining({ modelId: 'object-request-model' }),
+      )
+    })
+    it('falls open on repo failure in object mode', async () => {
+      getDefaultMock.mockRejectedValue(new Error('Table not found'))
+      seedAgentRegistryForTests([
+        makeAgent({ id: 'catalog.extractor', moduleId: 'catalog', defaultModel: 'catalog-default', executionMode: 'object' }),
+      ])
+      const container = makeContainer(makeFakeEm())
+      const result = await runAiAgentObject({
+        agentId: 'catalog.extractor',
+        input: 'extract data',
+        authContext: baseAuth,
+        container: container as never,
+        output: { schemaName: 'ExtractionResult', schema: objectSchema },
+      })
+      expect(result.mode).toBe('generate')
+      expect(warnSpy).toHaveBeenCalledWith(
+        expect.stringContaining('Runtime model override lookup failed'),
+        expect.anything(),
+      )
+      expect(createModelMock).toHaveBeenCalledWith(
+        expect.objectContaining({ modelId: 'catalog-default' }),
+      )
+    })
+  })
+})

package/src/modules/ai_assistant/lib/__tests__/agent-runtime.test.ts CHANGED Viewed

@@ -20,14 +20,44 @@ const createModelMock = jest.fn(
 )
 const resolveApiKeyMock = jest.fn(() => 'test-api-key')
+const openaiCreateModelMock = jest.fn(
+  (options: { modelId: string; apiKey: string }) => ({ id: options.modelId, apiKey: options.apiKey, provider: 'openai' }),
+)
+const openaiResolveApiKeyMock = jest.fn(() => 'openai-test-key')
 jest.mock('@open-mercato/shared/lib/ai/llm-provider-registry', () => ({
   llmProviderRegistry: {
-    resolveFirstConfigured: () => ({
-      id: 'test-provider',
-      defaultModel: 'provider-default-model',
-      resolveApiKey: resolveApiKeyMock,
-      createModel: createModelMock,
-    }),
+    resolveFirstConfigured: (options?: { env?: Record<string, string | undefined>; order?: readonly string[] }) => {
+      const order = options?.order
+      if (order && order.includes('openai')) {
+        return {
+          id: 'openai',
+          defaultModel: 'gpt-4o-mini',
+          resolveApiKey: openaiResolveApiKeyMock,
+          createModel: openaiCreateModelMock,
+          isConfigured: () => true,
+        }
+      }
+      return {
+        id: 'test-provider',
+        defaultModel: 'provider-default-model',
+        resolveApiKey: resolveApiKeyMock,
+        createModel: createModelMock,
+        isConfigured: () => true,
+      }
+    },
+    get: (id: string) => {
+      if (id === 'openai') {
+        return {
+          id: 'openai',
+          defaultModel: 'gpt-4o-mini',
+          resolveApiKey: openaiResolveApiKeyMock,
+          createModel: openaiCreateModelMock,
+          isConfigured: () => true,
+        }
+      }
+      return null
+    },
   },
 }))
@@ -273,6 +303,30 @@ describe('runAiAgentText', () => {
     expect(callArg.system).toBe('System prompt base.')
     errorSpy.mockRestore()
   })
+  it('uses openai provider when agent.defaultProvider=openai and anthropic is registration-first', async () => {
+    seedAgentRegistryForTests([
+      makeAgent({
+        id: 'customers.assistant',
+        moduleId: 'customers',
+        defaultProvider: 'openai',
+        defaultModel: 'gpt-5-mini',
+      }),
+    ])
+    await runAiAgentText({
+      agentId: 'customers.assistant',
+      messages: baseMessages as never,
+      authContext: baseAuth,
+      container: {} as never,
+    })
+    expect(openaiCreateModelMock).toHaveBeenCalledWith(
+      expect.objectContaining({ modelId: 'gpt-5-mini' }),
+    )
+    const callArg = streamTextMock.mock.calls[0][0] as { model: { id: string; provider?: string } }
+    expect(callArg.model.provider).toBe('openai')
+  })
 })
 describe('composeSystemPrompt', () => {

package/src/modules/ai_assistant/lib/__tests__/ai-api-operation-runner.test.ts CHANGED Viewed

@@ -421,8 +421,10 @@ describe('normalizePath (CodeQL js/polynomial-redos regression)', () => {
     const out = normalizePath(huge)
     const elapsed = Date.now() - start
     expect(out).toBe('/')
-    // 200ms is generous; the linear scan typically finishes in <20ms.
-    expect(elapsed).toBeLessThan(200)
+    // 1000ms is intentionally loose so slow CI runners don't flake. The linear
+    // scan typically finishes in <20ms; the polynomial-backtracking regression
+    // would take several seconds, so this budget still catches it.
+    expect(elapsed).toBeLessThan(1000)
   })
   it('only strips trailing slashes — never internal ones', () => {

package/src/modules/ai_assistant/lib/__tests__/baseurl-allowlist.test.ts ADDED Viewed

@@ -0,0 +1,75 @@
+import { readBaseurlAllowlist, isBaseurlAllowlisted } from '../baseurl-allowlist'
+describe('readBaseurlAllowlist', () => {
+  it('returns empty array when env var is absent', () => {
+    expect(readBaseurlAllowlist({})).toEqual([])
+  })
+  it('returns empty array when env var is empty string', () => {
+    expect(readBaseurlAllowlist({ AI_RUNTIME_BASEURL_ALLOWLIST: '' })).toEqual([])
+  })
+  it('returns trimmed lowercase entries split by comma', () => {
+    expect(
+      readBaseurlAllowlist({ AI_RUNTIME_BASEURL_ALLOWLIST: 'openrouter.ai, api.myproxy.io' }),
+    ).toEqual(['openrouter.ai', 'api.myproxy.io'])
+  })
+  it('filters out blank entries from trailing commas', () => {
+    expect(
+      readBaseurlAllowlist({ AI_RUNTIME_BASEURL_ALLOWLIST: 'openrouter.ai,' }),
+    ).toEqual(['openrouter.ai'])
+  })
+  it('normalises to lowercase', () => {
+    expect(
+      readBaseurlAllowlist({ AI_RUNTIME_BASEURL_ALLOWLIST: 'OpenRouter.AI' }),
+    ).toEqual(['openrouter.ai'])
+  })
+})
+describe('isBaseurlAllowlisted', () => {
+  it('returns true for empty baseUrl (no override requested)', () => {
+    expect(isBaseurlAllowlisted('', [])).toBe(true)
+    expect(isBaseurlAllowlisted('  ', [])).toBe(true)
+  })
+  it('returns false for non-empty baseUrl when allowlist is empty', () => {
+    expect(isBaseurlAllowlisted('https://openrouter.ai/api/v1', [])).toBe(false)
+  })
+  it('returns true for exact hostname match', () => {
+    const allowlist = ['openrouter.ai']
+    expect(isBaseurlAllowlisted('https://openrouter.ai/api/v1', allowlist)).toBe(true)
+  })
+  it('returns false for non-matching hostname', () => {
+    const allowlist = ['openrouter.ai']
+    expect(isBaseurlAllowlisted('https://evil.example.com/v1', allowlist)).toBe(false)
+  })
+  it('returns true for wildcard subdomain match', () => {
+    const allowlist = ['*.openrouter.ai']
+    expect(isBaseurlAllowlisted('https://api.openrouter.ai/v1', allowlist)).toBe(true)
+  })
+  it('does not match bare domain against wildcard pattern (*.example.com does not match example.com)', () => {
+    const allowlist = ['*.openrouter.ai']
+    expect(isBaseurlAllowlisted('https://openrouter.ai/v1', allowlist)).toBe(false)
+  })
+  it('matches the first matching pattern in the list', () => {
+    const allowlist = ['api.myproxy.io', 'openrouter.ai']
+    expect(isBaseurlAllowlisted('https://openrouter.ai/v1', allowlist)).toBe(true)
+  })
+  it('returns false when URL does not parse', () => {
+    const allowlist = ['openrouter.ai']
+    expect(isBaseurlAllowlisted('not-a-url', allowlist)).toBe(false)
+  })
+  it('is case-insensitive for hostname comparison', () => {
+    const allowlist = ['openrouter.ai']
+    expect(isBaseurlAllowlisted('https://OPENROUTER.AI/api/v1', allowlist)).toBe(true)
+  })
+})

package/src/modules/ai_assistant/lib/__tests__/llm-adapters-anthropic.test.ts CHANGED Viewed

@@ -69,4 +69,22 @@ describe('AnthropicAdapter', () => {
     expect(model).toBeDefined()
     expect(model).not.toBeNull()
   })
+  it('createModel forwards baseURL to createAnthropic without throwing', () => {
+    const model = adapter.createModel({
+      apiKey: 'sk-ant-test',
+      modelId: 'claude-haiku-4-5-20251001',
+      baseURL: 'https://gateway.ai.cloudflare.com/v1/account/gateway-name/anthropic',
+    })
+    expect(model).toBeDefined()
+    expect(model).not.toBeNull()
+  })
+  it('createModel without baseURL still works (Messages API default)', () => {
+    const model = adapter.createModel({
+      apiKey: 'sk-ant-test',
+      modelId: 'claude-haiku-4-5-20251001',
+    })
+    expect(model).toBeDefined()
+  })
 })

package/src/modules/ai_assistant/lib/__tests__/llm-adapters-google.test.ts CHANGED Viewed

@@ -68,4 +68,22 @@ describe('GoogleAdapter', () => {
     expect(model).toBeDefined()
     expect(model).not.toBeNull()
   })
+  it('createModel forwards baseURL to createGoogleGenerativeAI without throwing', () => {
+    const model = adapter.createModel({
+      apiKey: 'AIza-test',
+      modelId: 'gemini-3-flash',
+      baseURL: 'https://generativelanguage-proxy.example.com/v1beta',
+    })
+    expect(model).toBeDefined()
+    expect(model).not.toBeNull()
+  })
+  it('createModel without baseURL still works (Google API default)', () => {
+    const model = adapter.createModel({
+      apiKey: 'AIza-test',
+      modelId: 'gemini-3-flash',
+    })
+    expect(model).toBeDefined()
+  })
 })