npm - @open-mercato/ai-assistant - Versions diffs - 0.6.2-develop.3446.1.bd060c6017 → 0.6.2-develop.3467.1.2a1818709d - Mend

@open-mercato/ai-assistant 0.6.2-develop.3446.1.bd060c6017 → 0.6.2-develop.3467.1.2a1818709d

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (61) hide show

package/dist/modules/ai_assistant/api/ai/conversations/[conversationId]/route.js ADDED Viewed

@@ -0,0 +1,272 @@
+import { NextResponse } from "next/server";
+import { z } from "zod";
+import { getAuthFromRequest } from "@open-mercato/shared/lib/auth/server";
+import { createRequestContainer } from "@open-mercato/shared/lib/di/container";
+import {
+  aiChatConversationTranscriptQuerySchema,
+  aiChatConversationUpdateSchema
+} from "../../../../data/validators.js";
+import { hasRequiredFeatures } from "../../../../lib/auth.js";
+import {
+  createConversationStorage,
+  serializeAiChatConversation,
+  serializeAiChatMessage
+} from "../../../../lib/conversation-storage.js";
+const REQUIRED_FEATURE = "ai_assistant.view";
+const MANAGE_CONVERSATIONS_FEATURE = "ai_assistant.conversations.manage";
+const conversationIdParamSchema = z.object({
+  conversationId: z.string().trim().min(1, "conversationId must be a non-empty string").max(128, "conversationId exceeds the maximum length of 128 characters")
+});
+const openApi = {
+  tag: "AI Assistant",
+  summary: "Per-conversation AI chat operations",
+  methods: {
+    GET: {
+      operationId: "aiAssistantGetConversation",
+      summary: "Fetch a conversation summary and recent transcript.",
+      description: "Returns `{ conversation, messages, nextCursor }` for the supplied `conversationId`. View-only callers can load only their own conversations. Callers with `ai_assistant.conversations.manage` can load conversations across users in the same tenant/organization. Messages are ordered ascending by `createdAt`. The `before` cursor returns the next older page when paging back through long transcripts.",
+      responses: [
+        {
+          status: 200,
+          description: "Conversation transcript page for the authenticated owner.",
+          mediaType: "application/json"
+        }
+      ],
+      errors: [
+        { status: 400, description: "Invalid path or query parameters." },
+        { status: 401, description: "Unauthenticated caller." },
+        { status: 403, description: "Caller lacks the `ai_assistant.view` feature." },
+        { status: 404, description: "No conversation accessible to the caller." }
+      ]
+    },
+    PATCH: {
+      operationId: "aiAssistantUpdateConversation",
+      summary: "Update an existing conversation.",
+      description: "Accepts a partial body containing any of `title`, `status`, `pageContext`. Setting `status` to `closed` archives the conversation while keeping its transcript intact. View-only callers can update only their own conversations; conversation managers can update conversations in the same tenant/organization.",
+      responses: [
+        {
+          status: 200,
+          description: "Updated conversation summary.",
+          mediaType: "application/json"
+        }
+      ],
+      errors: [
+        { status: 400, description: "Invalid request body." },
+        { status: 401, description: "Unauthenticated caller." },
+        { status: 403, description: "Caller lacks the `ai_assistant.view` feature." },
+        { status: 404, description: "No conversation accessible to the caller." }
+      ]
+    },
+    DELETE: {
+      operationId: "aiAssistantDeleteConversation",
+      summary: "Soft-delete a conversation and its messages.",
+      description: "View-only callers can delete only their own conversations. Callers with `ai_assistant.conversations.manage` can delete conversations in the same tenant/organization. Marks the conversation row and every undeleted message row with a `deleted_at` timestamp in one transaction. The transcript remains in the database for audit/restore until a future retention worker hard-deletes it.",
+      responses: [
+        {
+          status: 200,
+          description: "Soft-delete acknowledgment.",
+          mediaType: "application/json"
+        }
+      ],
+      errors: [
+        { status: 401, description: "Unauthenticated caller." },
+        { status: 403, description: "Caller lacks the `ai_assistant.view` feature." },
+        { status: 404, description: "No conversation accessible to the caller." }
+      ]
+    }
+  }
+};
+const metadata = {
+  GET: { requireAuth: true, requireFeatures: [REQUIRED_FEATURE] },
+  PATCH: { requireAuth: true, requireFeatures: [REQUIRED_FEATURE] },
+  DELETE: { requireAuth: true, requireFeatures: [REQUIRED_FEATURE] }
+};
+function jsonError(status, message, code, extra) {
+  return NextResponse.json({ error: message, code, ...extra ?? {} }, { status });
+}
+async function resolveCallerContext(req, context) {
+  const auth = await getAuthFromRequest(req);
+  if (!auth) return { kind: "unauthorized" };
+  const rawParams = await context.params;
+  const parseResult = conversationIdParamSchema.safeParse(rawParams);
+  if (!parseResult.success) {
+    return { kind: "invalid-id", issues: parseResult.error.issues };
+  }
+  const container = await createRequestContainer();
+  const rbacService = container.resolve("rbacService");
+  const acl = await rbacService.loadAcl(auth.sub, {
+    tenantId: auth.tenantId,
+    organizationId: auth.orgId
+  });
+  if (!hasRequiredFeatures([REQUIRED_FEATURE], acl.features, acl.isSuperAdmin, rbacService)) {
+    return { kind: "forbidden" };
+  }
+  const canManageConversations = hasRequiredFeatures(
+    [MANAGE_CONVERSATIONS_FEATURE],
+    acl.features,
+    acl.isSuperAdmin,
+    rbacService
+  );
+  if (!auth.tenantId) return { kind: "missing-tenant" };
+  return {
+    kind: "ok",
+    tenantId: auth.tenantId,
+    organizationId: auth.orgId ?? null,
+    userId: auth.sub,
+    conversationId: parseResult.data.conversationId,
+    canManageConversations
+  };
+}
+async function GET(req, context) {
+  const callerCtx = await resolveCallerContext(req, context);
+  if (callerCtx.kind === "unauthorized") return jsonError(401, "Unauthorized", "unauthenticated");
+  if (callerCtx.kind === "invalid-id") {
+    return jsonError(400, "Invalid conversation id.", "validation_error", {
+      issues: callerCtx.issues
+    });
+  }
+  if (callerCtx.kind === "forbidden") {
+    return jsonError(403, `Caller lacks required feature "${REQUIRED_FEATURE}".`, "forbidden");
+  }
+  if (callerCtx.kind === "missing-tenant") {
+    return jsonError(404, "Conversation not found.", "conversation_not_found");
+  }
+  const url = new URL(req.url);
+  const queryResult = aiChatConversationTranscriptQuerySchema.safeParse({
+    limit: url.searchParams.get("limit") ?? void 0,
+    before: url.searchParams.get("before") ?? void 0
+  });
+  if (!queryResult.success) {
+    return jsonError(400, "Invalid query parameters.", "validation_error", {
+      issues: queryResult.error.issues
+    });
+  }
+  try {
+    const container = await createRequestContainer();
+    const repo = createConversationStorage(container);
+    const transcript = await repo.getTranscript(
+      callerCtx.conversationId,
+      {
+        tenantId: callerCtx.tenantId,
+        organizationId: callerCtx.organizationId,
+        userId: callerCtx.userId,
+        canManageConversations: callerCtx.canManageConversations
+      },
+      {
+        limit: queryResult.data.limit,
+        before: queryResult.data.before ?? null
+      }
+    );
+    if (!transcript) {
+      return jsonError(404, "Conversation not found.", "conversation_not_found");
+    }
+    return NextResponse.json({
+      conversation: serializeAiChatConversation(transcript.conversation),
+      messages: transcript.messages.map(serializeAiChatMessage),
+      nextCursor: transcript.nextCursor
+    });
+  } catch (error) {
+    console.error("[AI Conversation GET] Failure:", error);
+    return jsonError(
+      500,
+      error instanceof Error ? error.message : "Failed to load conversation.",
+      "internal_error"
+    );
+  }
+}
+async function PATCH(req, context) {
+  const callerCtx = await resolveCallerContext(req, context);
+  if (callerCtx.kind === "unauthorized") return jsonError(401, "Unauthorized", "unauthenticated");
+  if (callerCtx.kind === "invalid-id") {
+    return jsonError(400, "Invalid conversation id.", "validation_error", {
+      issues: callerCtx.issues
+    });
+  }
+  if (callerCtx.kind === "forbidden") {
+    return jsonError(403, `Caller lacks required feature "${REQUIRED_FEATURE}".`, "forbidden");
+  }
+  if (callerCtx.kind === "missing-tenant") {
+    return jsonError(404, "Conversation not found.", "conversation_not_found");
+  }
+  let rawBody;
+  try {
+    rawBody = await req.json();
+  } catch {
+    return jsonError(400, "Request body must be valid JSON.", "validation_error");
+  }
+  const parseResult = aiChatConversationUpdateSchema.safeParse(rawBody);
+  if (!parseResult.success) {
+    return jsonError(400, "Invalid conversation patch.", "validation_error", {
+      issues: parseResult.error.issues
+    });
+  }
+  try {
+    const container = await createRequestContainer();
+    const repo = createConversationStorage(container);
+    const row = await repo.update(
+      callerCtx.conversationId,
+      parseResult.data,
+      {
+        tenantId: callerCtx.tenantId,
+        organizationId: callerCtx.organizationId,
+        userId: callerCtx.userId,
+        canManageConversations: callerCtx.canManageConversations
+      }
+    );
+    return NextResponse.json(serializeAiChatConversation(row));
+  } catch (error) {
+    if (error instanceof Error && error.name === "AiChatConversationAccessError") {
+      return jsonError(404, "Conversation not found.", "conversation_not_found");
+    }
+    console.error("[AI Conversation PATCH] Failure:", error);
+    return jsonError(
+      500,
+      error instanceof Error ? error.message : "Failed to update conversation.",
+      "internal_error"
+    );
+  }
+}
+async function DELETE(req, context) {
+  const callerCtx = await resolveCallerContext(req, context);
+  if (callerCtx.kind === "unauthorized") return jsonError(401, "Unauthorized", "unauthenticated");
+  if (callerCtx.kind === "invalid-id") {
+    return jsonError(400, "Invalid conversation id.", "validation_error", {
+      issues: callerCtx.issues
+    });
+  }
+  if (callerCtx.kind === "forbidden") {
+    return jsonError(403, `Caller lacks required feature "${REQUIRED_FEATURE}".`, "forbidden");
+  }
+  if (callerCtx.kind === "missing-tenant") {
+    return jsonError(404, "Conversation not found.", "conversation_not_found");
+  }
+  try {
+    const container = await createRequestContainer();
+    const repo = createConversationStorage(container);
+    await repo.softDelete(callerCtx.conversationId, {
+      tenantId: callerCtx.tenantId,
+      organizationId: callerCtx.organizationId,
+      userId: callerCtx.userId,
+      canManageConversations: callerCtx.canManageConversations
+    });
+    return NextResponse.json({ ok: true });
+  } catch (error) {
+    if (error instanceof Error && error.name === "AiChatConversationAccessError") {
+      return jsonError(404, "Conversation not found.", "conversation_not_found");
+    }
+    console.error("[AI Conversation DELETE] Failure:", error);
+    return jsonError(
+      500,
+      error instanceof Error ? error.message : "Failed to delete conversation.",
+      "internal_error"
+    );
+  }
+}
+export {
+  DELETE,
+  GET,
+  PATCH,
+  metadata,
+  openApi
+};
+//# sourceMappingURL=route.js.map

package/dist/modules/ai_assistant/api/ai/conversations/[conversationId]/route.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../../../../src/modules/ai_assistant/api/ai/conversations/%5BconversationId%5D/route.ts"],
+  "sourcesContent": ["import { NextResponse, type NextRequest } from 'next/server'\nimport { z } from 'zod'\nimport type { OpenApiRouteDoc } from '@open-mercato/shared/lib/openapi'\nimport { getAuthFromRequest } from '@open-mercato/shared/lib/auth/server'\nimport { createRequestContainer } from '@open-mercato/shared/lib/di/container'\nimport type { RbacService } from '@open-mercato/core/modules/auth/services/rbacService'\nimport {\n  aiChatConversationTranscriptQuerySchema,\n  aiChatConversationUpdateSchema,\n} from '../../../../data/validators'\nimport { hasRequiredFeatures } from '../../../../lib/auth'\nimport {\n  createConversationStorage,\n  serializeAiChatConversation,\n  serializeAiChatMessage,\n} from '../../../../lib/conversation-storage'\n\nconst REQUIRED_FEATURE = 'ai_assistant.view'\nconst MANAGE_CONVERSATIONS_FEATURE = 'ai_assistant.conversations.manage'\n\nconst conversationIdParamSchema = z.object({\n  conversationId: z\n    .string()\n    .trim()\n    .min(1, 'conversationId must be a non-empty string')\n    .max(128, 'conversationId exceeds the maximum length of 128 characters'),\n})\n\nexport const openApi: OpenApiRouteDoc = {\n  tag: 'AI Assistant',\n  summary: 'Per-conversation AI chat operations',\n  methods: {\n    GET: {\n      operationId: 'aiAssistantGetConversation',\n      summary: 'Fetch a conversation summary and recent transcript.',\n      description:\n        'Returns `{ conversation, messages, nextCursor }` for the supplied `conversationId`. ' +\n        'View-only callers can load only their own conversations. Callers with ' +\n        '`ai_assistant.conversations.manage` can load conversations across users in the same ' +\n        'tenant/organization. Messages are ordered ascending by `createdAt`. The `before` cursor ' +\n        'returns the next older page when paging back through long transcripts.',\n      responses: [\n        {\n          status: 200,\n          description: 'Conversation transcript page for the authenticated owner.',\n          mediaType: 'application/json',\n        },\n      ],\n      errors: [\n        { status: 400, description: 'Invalid path or query parameters.' },\n        { status: 401, description: 'Unauthenticated caller.' },\n        { status: 403, description: 'Caller lacks the `ai_assistant.view` feature.' },\n        { status: 404, description: 'No conversation accessible to the caller.' },\n      ],\n    },\n    PATCH: {\n      operationId: 'aiAssistantUpdateConversation',\n      summary: 'Update an existing conversation.',\n      description:\n        'Accepts a partial body containing any of `title`, `status`, `pageContext`. Setting ' +\n        '`status` to `closed` archives the conversation while keeping its transcript intact. ' +\n        'View-only callers can update only their own conversations; conversation managers can ' +\n        'update conversations in the same tenant/organization.',\n      responses: [\n        {\n          status: 200,\n          description: 'Updated conversation summary.',\n          mediaType: 'application/json',\n        },\n      ],\n      errors: [\n        { status: 400, description: 'Invalid request body.' },\n        { status: 401, description: 'Unauthenticated caller.' },\n        { status: 403, description: 'Caller lacks the `ai_assistant.view` feature.' },\n        { status: 404, description: 'No conversation accessible to the caller.' },\n      ],\n    },\n    DELETE: {\n      operationId: 'aiAssistantDeleteConversation',\n      summary: 'Soft-delete a conversation and its messages.',\n      description:\n        'View-only callers can delete only their own conversations. Callers with ' +\n        '`ai_assistant.conversations.manage` can delete conversations in the same tenant/organization. ' +\n        'Marks the conversation row and every undeleted message row with a `deleted_at` timestamp ' +\n        'in one transaction. The transcript remains in the database for audit/restore until a future ' +\n        'retention worker hard-deletes it.',\n      responses: [\n        {\n          status: 200,\n          description: 'Soft-delete acknowledgment.',\n          mediaType: 'application/json',\n        },\n      ],\n      errors: [\n        { status: 401, description: 'Unauthenticated caller.' },\n        { status: 403, description: 'Caller lacks the `ai_assistant.view` feature.' },\n        { status: 404, description: 'No conversation accessible to the caller.' },\n      ],\n    },\n  },\n}\n\nexport const metadata = {\n  GET: { requireAuth: true, requireFeatures: [REQUIRED_FEATURE] },\n  PATCH: { requireAuth: true, requireFeatures: [REQUIRED_FEATURE] },\n  DELETE: { requireAuth: true, requireFeatures: [REQUIRED_FEATURE] },\n}\n\ninterface RouteContext {\n  params: Promise<{ conversationId: string }>\n}\n\nfunction jsonError(\n  status: number,\n  message: string,\n  code: string,\n  extra?: Record<string, unknown>,\n): NextResponse {\n  return NextResponse.json({ error: message, code, ...(extra ?? {}) }, { status })\n}\n\nasync function resolveCallerContext(req: NextRequest, context: RouteContext): Promise<\n  | { kind: 'unauthorized' }\n  | { kind: 'forbidden' }\n  | { kind: 'missing-tenant' }\n  | { kind: 'invalid-id'; issues: unknown }\n  | {\n      kind: 'ok'\n      tenantId: string\n      organizationId: string | null\n      userId: string\n      conversationId: string\n      canManageConversations: boolean\n    }\n> {\n  const auth = await getAuthFromRequest(req)\n  if (!auth) return { kind: 'unauthorized' }\n  const rawParams = await context.params\n  const parseResult = conversationIdParamSchema.safeParse(rawParams)\n  if (!parseResult.success) {\n    return { kind: 'invalid-id', issues: parseResult.error.issues }\n  }\n  const container = await createRequestContainer()\n  const rbacService = container.resolve<RbacService>('rbacService')\n  const acl = await rbacService.loadAcl(auth.sub, {\n    tenantId: auth.tenantId,\n    organizationId: auth.orgId,\n  })\n  if (!hasRequiredFeatures([REQUIRED_FEATURE], acl.features, acl.isSuperAdmin, rbacService)) {\n    return { kind: 'forbidden' }\n  }\n  const canManageConversations = hasRequiredFeatures(\n    [MANAGE_CONVERSATIONS_FEATURE],\n    acl.features,\n    acl.isSuperAdmin,\n    rbacService,\n  )\n  if (!auth.tenantId) return { kind: 'missing-tenant' }\n  return {\n    kind: 'ok',\n    tenantId: auth.tenantId,\n    organizationId: auth.orgId ?? null,\n    userId: auth.sub,\n    conversationId: parseResult.data.conversationId,\n    canManageConversations,\n  }\n}\n\nexport async function GET(req: NextRequest, context: RouteContext): Promise<Response> {\n  const callerCtx = await resolveCallerContext(req, context)\n  if (callerCtx.kind === 'unauthorized') return jsonError(401, 'Unauthorized', 'unauthenticated')\n  if (callerCtx.kind === 'invalid-id') {\n    return jsonError(400, 'Invalid conversation id.', 'validation_error', {\n      issues: callerCtx.issues,\n    })\n  }\n  if (callerCtx.kind === 'forbidden') {\n    return jsonError(403, `Caller lacks required feature \"${REQUIRED_FEATURE}\".`, 'forbidden')\n  }\n  if (callerCtx.kind === 'missing-tenant') {\n    return jsonError(404, 'Conversation not found.', 'conversation_not_found')\n  }\n\n  const url = new URL(req.url)\n  const queryResult = aiChatConversationTranscriptQuerySchema.safeParse({\n    limit: url.searchParams.get('limit') ?? undefined,\n    before: url.searchParams.get('before') ?? undefined,\n  })\n  if (!queryResult.success) {\n    return jsonError(400, 'Invalid query parameters.', 'validation_error', {\n      issues: queryResult.error.issues,\n    })\n  }\n\n  try {\n    const container = await createRequestContainer()\n    const repo = createConversationStorage(container)\n    const transcript = await repo.getTranscript(\n      callerCtx.conversationId,\n      {\n        tenantId: callerCtx.tenantId,\n        organizationId: callerCtx.organizationId,\n        userId: callerCtx.userId,\n        canManageConversations: callerCtx.canManageConversations,\n      },\n      {\n        limit: queryResult.data.limit,\n        before: queryResult.data.before ?? null,\n      },\n    )\n    if (!transcript) {\n      return jsonError(404, 'Conversation not found.', 'conversation_not_found')\n    }\n    return NextResponse.json({\n      conversation: serializeAiChatConversation(transcript.conversation),\n      messages: transcript.messages.map(serializeAiChatMessage),\n      nextCursor: transcript.nextCursor,\n    })\n  } catch (error) {\n    console.error('[AI Conversation GET] Failure:', error)\n    return jsonError(\n      500,\n      error instanceof Error ? error.message : 'Failed to load conversation.',\n      'internal_error',\n    )\n  }\n}\n\nexport async function PATCH(req: NextRequest, context: RouteContext): Promise<Response> {\n  const callerCtx = await resolveCallerContext(req, context)\n  if (callerCtx.kind === 'unauthorized') return jsonError(401, 'Unauthorized', 'unauthenticated')\n  if (callerCtx.kind === 'invalid-id') {\n    return jsonError(400, 'Invalid conversation id.', 'validation_error', {\n      issues: callerCtx.issues,\n    })\n  }\n  if (callerCtx.kind === 'forbidden') {\n    return jsonError(403, `Caller lacks required feature \"${REQUIRED_FEATURE}\".`, 'forbidden')\n  }\n  if (callerCtx.kind === 'missing-tenant') {\n    return jsonError(404, 'Conversation not found.', 'conversation_not_found')\n  }\n\n  let rawBody: unknown\n  try {\n    rawBody = await req.json()\n  } catch {\n    return jsonError(400, 'Request body must be valid JSON.', 'validation_error')\n  }\n  const parseResult = aiChatConversationUpdateSchema.safeParse(rawBody)\n  if (!parseResult.success) {\n    return jsonError(400, 'Invalid conversation patch.', 'validation_error', {\n      issues: parseResult.error.issues,\n    })\n  }\n\n  try {\n    const container = await createRequestContainer()\n    const repo = createConversationStorage(container)\n    const row = await repo.update(\n      callerCtx.conversationId,\n      parseResult.data,\n      {\n        tenantId: callerCtx.tenantId,\n        organizationId: callerCtx.organizationId,\n        userId: callerCtx.userId,\n        canManageConversations: callerCtx.canManageConversations,\n      },\n    )\n    return NextResponse.json(serializeAiChatConversation(row))\n  } catch (error) {\n    if (error instanceof Error && error.name === 'AiChatConversationAccessError') {\n      return jsonError(404, 'Conversation not found.', 'conversation_not_found')\n    }\n    console.error('[AI Conversation PATCH] Failure:', error)\n    return jsonError(\n      500,\n      error instanceof Error ? error.message : 'Failed to update conversation.',\n      'internal_error',\n    )\n  }\n}\n\nexport async function DELETE(req: NextRequest, context: RouteContext): Promise<Response> {\n  const callerCtx = await resolveCallerContext(req, context)\n  if (callerCtx.kind === 'unauthorized') return jsonError(401, 'Unauthorized', 'unauthenticated')\n  if (callerCtx.kind === 'invalid-id') {\n    return jsonError(400, 'Invalid conversation id.', 'validation_error', {\n      issues: callerCtx.issues,\n    })\n  }\n  if (callerCtx.kind === 'forbidden') {\n    return jsonError(403, `Caller lacks required feature \"${REQUIRED_FEATURE}\".`, 'forbidden')\n  }\n  if (callerCtx.kind === 'missing-tenant') {\n    return jsonError(404, 'Conversation not found.', 'conversation_not_found')\n  }\n\n  try {\n    const container = await createRequestContainer()\n    const repo = createConversationStorage(container)\n    await repo.softDelete(callerCtx.conversationId, {\n      tenantId: callerCtx.tenantId,\n      organizationId: callerCtx.organizationId,\n      userId: callerCtx.userId,\n      canManageConversations: callerCtx.canManageConversations,\n    })\n    return NextResponse.json({ ok: true })\n  } catch (error) {\n    if (error instanceof Error && error.name === 'AiChatConversationAccessError') {\n      return jsonError(404, 'Conversation not found.', 'conversation_not_found')\n    }\n    console.error('[AI Conversation DELETE] Failure:', error)\n    return jsonError(\n      500,\n      error instanceof Error ? error.message : 'Failed to delete conversation.',\n      'internal_error',\n    )\n  }\n}\n"],
+  "mappings": "AAAA,SAAS,oBAAsC;AAC/C,SAAS,SAAS;AAElB,SAAS,0BAA0B;AACnC,SAAS,8BAA8B;AAEvC;AAAA,EACE;AAAA,EACA;AAAA,OACK;AACP,SAAS,2BAA2B;AACpC;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,OACK;AAEP,MAAM,mBAAmB;AACzB,MAAM,+BAA+B;AAErC,MAAM,4BAA4B,EAAE,OAAO;AAAA,EACzC,gBAAgB,EACb,OAAO,EACP,KAAK,EACL,IAAI,GAAG,2CAA2C,EAClD,IAAI,KAAK,6DAA6D;AAC3E,CAAC;AAEM,MAAM,UAA2B;AAAA,EACtC,KAAK;AAAA,EACL,SAAS;AAAA,EACT,SAAS;AAAA,IACP,KAAK;AAAA,MACH,aAAa;AAAA,MACb,SAAS;AAAA,MACT,aACE;AAAA,MAKF,WAAW;AAAA,QACT;AAAA,UACE,QAAQ;AAAA,UACR,aAAa;AAAA,UACb,WAAW;AAAA,QACb;AAAA,MACF;AAAA,MACA,QAAQ;AAAA,QACN,EAAE,QAAQ,KAAK,aAAa,oCAAoC;AAAA,QAChE,EAAE,QAAQ,KAAK,aAAa,0BAA0B;AAAA,QACtD,EAAE,QAAQ,KAAK,aAAa,gDAAgD;AAAA,QAC5E,EAAE,QAAQ,KAAK,aAAa,4CAA4C;AAAA,MAC1E;AAAA,IACF;AAAA,IACA,OAAO;AAAA,MACL,aAAa;AAAA,MACb,SAAS;AAAA,MACT,aACE;AAAA,MAIF,WAAW;AAAA,QACT;AAAA,UACE,QAAQ;AAAA,UACR,aAAa;AAAA,UACb,WAAW;AAAA,QACb;AAAA,MACF;AAAA,MACA,QAAQ;AAAA,QACN,EAAE,QAAQ,KAAK,aAAa,wBAAwB;AAAA,QACpD,EAAE,QAAQ,KAAK,aAAa,0BAA0B;AAAA,QACtD,EAAE,QAAQ,KAAK,aAAa,gDAAgD;AAAA,QAC5E,EAAE,QAAQ,KAAK,aAAa,4CAA4C;AAAA,MAC1E;AAAA,IACF;AAAA,IACA,QAAQ;AAAA,MACN,aAAa;AAAA,MACb,SAAS;AAAA,MACT,aACE;AAAA,MAKF,WAAW;AAAA,QACT;AAAA,UACE,QAAQ;AAAA,UACR,aAAa;AAAA,UACb,WAAW;AAAA,QACb;AAAA,MACF;AAAA,MACA,QAAQ;AAAA,QACN,EAAE,QAAQ,KAAK,aAAa,0BAA0B;AAAA,QACtD,EAAE,QAAQ,KAAK,aAAa,gDAAgD;AAAA,QAC5E,EAAE,QAAQ,KAAK,aAAa,4CAA4C;AAAA,MAC1E;AAAA,IACF;AAAA,EACF;AACF;AAEO,MAAM,WAAW;AAAA,EACtB,KAAK,EAAE,aAAa,MAAM,iBAAiB,CAAC,gBAAgB,EAAE;AAAA,EAC9D,OAAO,EAAE,aAAa,MAAM,iBAAiB,CAAC,gBAAgB,EAAE;AAAA,EAChE,QAAQ,EAAE,aAAa,MAAM,iBAAiB,CAAC,gBAAgB,EAAE;AACnE;AAMA,SAAS,UACP,QACA,SACA,MACA,OACc;AACd,SAAO,aAAa,KAAK,EAAE,OAAO,SAAS,MAAM,GAAI,SAAS,CAAC,EAAG,GAAG,EAAE,OAAO,CAAC;AACjF;AAEA,eAAe,qBAAqB,KAAkB,SAapD;AACA,QAAM,OAAO,MAAM,mBAAmB,GAAG;AACzC,MAAI,CAAC,KAAM,QAAO,EAAE,MAAM,eAAe;AACzC,QAAM,YAAY,MAAM,QAAQ;AAChC,QAAM,cAAc,0BAA0B,UAAU,SAAS;AACjE,MAAI,CAAC,YAAY,SAAS;AACxB,WAAO,EAAE,MAAM,cAAc,QAAQ,YAAY,MAAM,OAAO;AAAA,EAChE;AACA,QAAM,YAAY,MAAM,uBAAuB;AAC/C,QAAM,cAAc,UAAU,QAAqB,aAAa;AAChE,QAAM,MAAM,MAAM,YAAY,QAAQ,KAAK,KAAK;AAAA,IAC9C,UAAU,KAAK;AAAA,IACf,gBAAgB,KAAK;AAAA,EACvB,CAAC;AACD,MAAI,CAAC,oBAAoB,CAAC,gBAAgB,GAAG,IAAI,UAAU,IAAI,cAAc,WAAW,GAAG;AACzF,WAAO,EAAE,MAAM,YAAY;AAAA,EAC7B;AACA,QAAM,yBAAyB;AAAA,IAC7B,CAAC,4BAA4B;AAAA,IAC7B,IAAI;AAAA,IACJ,IAAI;AAAA,IACJ;AAAA,EACF;AACA,MAAI,CAAC,KAAK,SAAU,QAAO,EAAE,MAAM,iBAAiB;AACpD,SAAO;AAAA,IACL,MAAM;AAAA,IACN,UAAU,KAAK;AAAA,IACf,gBAAgB,KAAK,SAAS;AAAA,IAC9B,QAAQ,KAAK;AAAA,IACb,gBAAgB,YAAY,KAAK;AAAA,IACjC;AAAA,EACF;AACF;AAEA,eAAsB,IAAI,KAAkB,SAA0C;AACpF,QAAM,YAAY,MAAM,qBAAqB,KAAK,OAAO;AACzD,MAAI,UAAU,SAAS,eAAgB,QAAO,UAAU,KAAK,gBAAgB,iBAAiB;AAC9F,MAAI,UAAU,SAAS,cAAc;AACnC,WAAO,UAAU,KAAK,4BAA4B,oBAAoB;AAAA,MACpE,QAAQ,UAAU;AAAA,IACpB,CAAC;AAAA,EACH;AACA,MAAI,UAAU,SAAS,aAAa;AAClC,WAAO,UAAU,KAAK,kCAAkC,gBAAgB,MAAM,WAAW;AAAA,EAC3F;AACA,MAAI,UAAU,SAAS,kBAAkB;AACvC,WAAO,UAAU,KAAK,2BAA2B,wBAAwB;AAAA,EAC3E;AAEA,QAAM,MAAM,IAAI,IAAI,IAAI,GAAG;AAC3B,QAAM,cAAc,wCAAwC,UAAU;AAAA,IACpE,OAAO,IAAI,aAAa,IAAI,OAAO,KAAK;AAAA,IACxC,QAAQ,IAAI,aAAa,IAAI,QAAQ,KAAK;AAAA,EAC5C,CAAC;AACD,MAAI,CAAC,YAAY,SAAS;AACxB,WAAO,UAAU,KAAK,6BAA6B,oBAAoB;AAAA,MACrE,QAAQ,YAAY,MAAM;AAAA,IAC5B,CAAC;AAAA,EACH;AAEA,MAAI;AACF,UAAM,YAAY,MAAM,uBAAuB;AAC/C,UAAM,OAAO,0BAA0B,SAAS;AAChD,UAAM,aAAa,MAAM,KAAK;AAAA,MAC5B,UAAU;AAAA,MACV;AAAA,QACE,UAAU,UAAU;AAAA,QACpB,gBAAgB,UAAU;AAAA,QAC1B,QAAQ,UAAU;AAAA,QAClB,wBAAwB,UAAU;AAAA,MACpC;AAAA,MACA;AAAA,QACE,OAAO,YAAY,KAAK;AAAA,QACxB,QAAQ,YAAY,KAAK,UAAU;AAAA,MACrC;AAAA,IACF;AACA,QAAI,CAAC,YAAY;AACf,aAAO,UAAU,KAAK,2BAA2B,wBAAwB;AAAA,IAC3E;AACA,WAAO,aAAa,KAAK;AAAA,MACvB,cAAc,4BAA4B,WAAW,YAAY;AAAA,MACjE,UAAU,WAAW,SAAS,IAAI,sBAAsB;AAAA,MACxD,YAAY,WAAW;AAAA,IACzB,CAAC;AAAA,EACH,SAAS,OAAO;AACd,YAAQ,MAAM,kCAAkC,KAAK;AACrD,WAAO;AAAA,MACL;AAAA,MACA,iBAAiB,QAAQ,MAAM,UAAU;AAAA,MACzC;AAAA,IACF;AAAA,EACF;AACF;AAEA,eAAsB,MAAM,KAAkB,SAA0C;AACtF,QAAM,YAAY,MAAM,qBAAqB,KAAK,OAAO;AACzD,MAAI,UAAU,SAAS,eAAgB,QAAO,UAAU,KAAK,gBAAgB,iBAAiB;AAC9F,MAAI,UAAU,SAAS,cAAc;AACnC,WAAO,UAAU,KAAK,4BAA4B,oBAAoB;AAAA,MACpE,QAAQ,UAAU;AAAA,IACpB,CAAC;AAAA,EACH;AACA,MAAI,UAAU,SAAS,aAAa;AAClC,WAAO,UAAU,KAAK,kCAAkC,gBAAgB,MAAM,WAAW;AAAA,EAC3F;AACA,MAAI,UAAU,SAAS,kBAAkB;AACvC,WAAO,UAAU,KAAK,2BAA2B,wBAAwB;AAAA,EAC3E;AAEA,MAAI;AACJ,MAAI;AACF,cAAU,MAAM,IAAI,KAAK;AAAA,EAC3B,QAAQ;AACN,WAAO,UAAU,KAAK,oCAAoC,kBAAkB;AAAA,EAC9E;AACA,QAAM,cAAc,+BAA+B,UAAU,OAAO;AACpE,MAAI,CAAC,YAAY,SAAS;AACxB,WAAO,UAAU,KAAK,+BAA+B,oBAAoB;AAAA,MACvE,QAAQ,YAAY,MAAM;AAAA,IAC5B,CAAC;AAAA,EACH;AAEA,MAAI;AACF,UAAM,YAAY,MAAM,uBAAuB;AAC/C,UAAM,OAAO,0BAA0B,SAAS;AAChD,UAAM,MAAM,MAAM,KAAK;AAAA,MACrB,UAAU;AAAA,MACV,YAAY;AAAA,MACZ;AAAA,QACE,UAAU,UAAU;AAAA,QACpB,gBAAgB,UAAU;AAAA,QAC1B,QAAQ,UAAU;AAAA,QAClB,wBAAwB,UAAU;AAAA,MACpC;AAAA,IACF;AACA,WAAO,aAAa,KAAK,4BAA4B,GAAG,CAAC;AAAA,EAC3D,SAAS,OAAO;AACd,QAAI,iBAAiB,SAAS,MAAM,SAAS,iCAAiC;AAC5E,aAAO,UAAU,KAAK,2BAA2B,wBAAwB;AAAA,IAC3E;AACA,YAAQ,MAAM,oCAAoC,KAAK;AACvD,WAAO;AAAA,MACL;AAAA,MACA,iBAAiB,QAAQ,MAAM,UAAU;AAAA,MACzC;AAAA,IACF;AAAA,EACF;AACF;AAEA,eAAsB,OAAO,KAAkB,SAA0C;AACvF,QAAM,YAAY,MAAM,qBAAqB,KAAK,OAAO;AACzD,MAAI,UAAU,SAAS,eAAgB,QAAO,UAAU,KAAK,gBAAgB,iBAAiB;AAC9F,MAAI,UAAU,SAAS,cAAc;AACnC,WAAO,UAAU,KAAK,4BAA4B,oBAAoB;AAAA,MACpE,QAAQ,UAAU;AAAA,IACpB,CAAC;AAAA,EACH;AACA,MAAI,UAAU,SAAS,aAAa;AAClC,WAAO,UAAU,KAAK,kCAAkC,gBAAgB,MAAM,WAAW;AAAA,EAC3F;AACA,MAAI,UAAU,SAAS,kBAAkB;AACvC,WAAO,UAAU,KAAK,2BAA2B,wBAAwB;AAAA,EAC3E;AAEA,MAAI;AACF,UAAM,YAAY,MAAM,uBAAuB;AAC/C,UAAM,OAAO,0BAA0B,SAAS;AAChD,UAAM,KAAK,WAAW,UAAU,gBAAgB;AAAA,MAC9C,UAAU,UAAU;AAAA,MACpB,gBAAgB,UAAU;AAAA,MAC1B,QAAQ,UAAU;AAAA,MAClB,wBAAwB,UAAU;AAAA,IACpC,CAAC;AACD,WAAO,aAAa,KAAK,EAAE,IAAI,KAAK,CAAC;AAAA,EACvC,SAAS,OAAO;AACd,QAAI,iBAAiB,SAAS,MAAM,SAAS,iCAAiC;AAC5E,aAAO,UAAU,KAAK,2BAA2B,wBAAwB;AAAA,IAC3E;AACA,YAAQ,MAAM,qCAAqC,KAAK;AACxD,WAAO;AAAA,MACL;AAAA,MACA,iBAAiB,QAAQ,MAAM,UAAU;AAAA,MACzC;AAAA,IACF;AAAA,EACF;AACF;",
+  "names": []
+}

package/dist/modules/ai_assistant/api/ai/conversations/import/route.js ADDED Viewed

@@ -0,0 +1,108 @@
+import { NextResponse } from "next/server";
+import { getAuthFromRequest } from "@open-mercato/shared/lib/auth/server";
+import { createRequestContainer } from "@open-mercato/shared/lib/di/container";
+import { aiChatConversationImportSchema } from "../../../../data/validators.js";
+import { hasRequiredFeatures } from "../../../../lib/auth.js";
+import {
+  createConversationStorage,
+  serializeAiChatConversation
+} from "../../../../lib/conversation-storage.js";
+const REQUIRED_FEATURE = "ai_assistant.view";
+const openApi = {
+  tag: "AI Assistant",
+  summary: "Lazily import a localStorage AI chat conversation",
+  methods: {
+    POST: {
+      operationId: "aiAssistantImportConversation",
+      summary: "Import a conversation that previously lived only in browser localStorage.",
+      description: "Idempotent: messages with `clientMessageId` already present in the server transcript are skipped and counted in `skippedMessageCount`. New messages are appended with the original `clientMessageId` so subsequent retries continue to dedupe. Up to 100 messages per request. Attachment previews stored as `data:` URLs in the source localStorage record MUST NOT be forwarded to this endpoint; the UI strips them before upload.",
+      responses: [
+        {
+          status: 200,
+          description: "Import result including imported/skipped counters.",
+          mediaType: "application/json"
+        }
+      ],
+      errors: [
+        { status: 400, description: "Invalid request body." },
+        { status: 401, description: "Unauthenticated caller." },
+        { status: 403, description: "Caller lacks the `ai_assistant.view` feature." }
+      ]
+    }
+  }
+};
+const metadata = {
+  POST: { requireAuth: true, requireFeatures: [REQUIRED_FEATURE] }
+};
+function jsonError(status, message, code, extra) {
+  return NextResponse.json({ error: message, code, ...extra ?? {} }, { status });
+}
+async function POST(req) {
+  const auth = await getAuthFromRequest(req);
+  if (!auth) return jsonError(401, "Unauthorized", "unauthenticated");
+  let rawBody;
+  try {
+    rawBody = await req.json();
+  } catch {
+    return jsonError(400, "Request body must be valid JSON.", "validation_error");
+  }
+  const parseResult = aiChatConversationImportSchema.safeParse(rawBody);
+  if (!parseResult.success) {
+    return jsonError(400, "Invalid import payload.", "validation_error", {
+      issues: parseResult.error.issues
+    });
+  }
+  try {
+    const container = await createRequestContainer();
+    const rbacService = container.resolve("rbacService");
+    const acl = await rbacService.loadAcl(auth.sub, {
+      tenantId: auth.tenantId,
+      organizationId: auth.orgId
+    });
+    if (!hasRequiredFeatures([REQUIRED_FEATURE], acl.features, acl.isSuperAdmin, rbacService)) {
+      return jsonError(403, `Caller lacks required feature "${REQUIRED_FEATURE}".`, "forbidden");
+    }
+    if (!auth.tenantId) {
+      return jsonError(400, "Caller is not bound to a tenant.", "tenant_required");
+    }
+    const repo = createConversationStorage(container);
+    const result = await repo.importLocalConversation(
+      {
+        conversation: {
+          conversationId: parseResult.data.conversation.conversationId,
+          agentId: parseResult.data.conversation.agentId,
+          title: parseResult.data.conversation.title ?? null,
+          status: parseResult.data.conversation.status,
+          pageContext: parseResult.data.conversation.pageContext ?? null
+        },
+        messages: parseResult.data.messages
+      },
+      {
+        tenantId: auth.tenantId,
+        organizationId: auth.orgId ?? null,
+        userId: auth.sub
+      }
+    );
+    return NextResponse.json({
+      conversation: serializeAiChatConversation(result.conversation),
+      importedMessageCount: result.importedMessageCount,
+      skippedMessageCount: result.skippedMessageCount
+    });
+  } catch (error) {
+    if (error instanceof Error && error.name === "AiChatConversationAccessError") {
+      return jsonError(404, error.message, "conversation_not_found");
+    }
+    console.error("[AI Conversation Import] Failure:", error);
+    return jsonError(
+      500,
+      error instanceof Error ? error.message : "Failed to import conversation.",
+      "internal_error"
+    );
+  }
+}
+export {
+  POST,
+  metadata,
+  openApi
+};
+//# sourceMappingURL=route.js.map

package/dist/modules/ai_assistant/api/ai/conversations/import/route.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../../../../src/modules/ai_assistant/api/ai/conversations/import/route.ts"],
+  "sourcesContent": ["import { NextResponse, type NextRequest } from 'next/server'\nimport type { OpenApiRouteDoc } from '@open-mercato/shared/lib/openapi'\nimport { getAuthFromRequest } from '@open-mercato/shared/lib/auth/server'\nimport { createRequestContainer } from '@open-mercato/shared/lib/di/container'\nimport type { RbacService } from '@open-mercato/core/modules/auth/services/rbacService'\nimport { aiChatConversationImportSchema } from '../../../../data/validators'\nimport { hasRequiredFeatures } from '../../../../lib/auth'\nimport {\n  createConversationStorage,\n  serializeAiChatConversation,\n} from '../../../../lib/conversation-storage'\n\nconst REQUIRED_FEATURE = 'ai_assistant.view'\n\nexport const openApi: OpenApiRouteDoc = {\n  tag: 'AI Assistant',\n  summary: 'Lazily import a localStorage AI chat conversation',\n  methods: {\n    POST: {\n      operationId: 'aiAssistantImportConversation',\n      summary: 'Import a conversation that previously lived only in browser localStorage.',\n      description:\n        'Idempotent: messages with `clientMessageId` already present in the server transcript are ' +\n        'skipped and counted in `skippedMessageCount`. New messages are appended with the original ' +\n        '`clientMessageId` so subsequent retries continue to dedupe. Up to 100 messages per request. ' +\n        'Attachment previews stored as `data:` URLs in the source localStorage record MUST NOT be ' +\n        'forwarded to this endpoint; the UI strips them before upload.',\n      responses: [\n        {\n          status: 200,\n          description: 'Import result including imported/skipped counters.',\n          mediaType: 'application/json',\n        },\n      ],\n      errors: [\n        { status: 400, description: 'Invalid request body.' },\n        { status: 401, description: 'Unauthenticated caller.' },\n        { status: 403, description: 'Caller lacks the `ai_assistant.view` feature.' },\n      ],\n    },\n  },\n}\n\nexport const metadata = {\n  POST: { requireAuth: true, requireFeatures: [REQUIRED_FEATURE] },\n}\n\nfunction jsonError(\n  status: number,\n  message: string,\n  code: string,\n  extra?: Record<string, unknown>,\n): NextResponse {\n  return NextResponse.json({ error: message, code, ...(extra ?? {}) }, { status })\n}\n\nexport async function POST(req: NextRequest): Promise<Response> {\n  const auth = await getAuthFromRequest(req)\n  if (!auth) return jsonError(401, 'Unauthorized', 'unauthenticated')\n\n  let rawBody: unknown\n  try {\n    rawBody = await req.json()\n  } catch {\n    return jsonError(400, 'Request body must be valid JSON.', 'validation_error')\n  }\n  const parseResult = aiChatConversationImportSchema.safeParse(rawBody)\n  if (!parseResult.success) {\n    return jsonError(400, 'Invalid import payload.', 'validation_error', {\n      issues: parseResult.error.issues,\n    })\n  }\n\n  try {\n    const container = await createRequestContainer()\n    const rbacService = container.resolve<RbacService>('rbacService')\n    const acl = await rbacService.loadAcl(auth.sub, {\n      tenantId: auth.tenantId,\n      organizationId: auth.orgId,\n    })\n    if (!hasRequiredFeatures([REQUIRED_FEATURE], acl.features, acl.isSuperAdmin, rbacService)) {\n      return jsonError(403, `Caller lacks required feature \"${REQUIRED_FEATURE}\".`, 'forbidden')\n    }\n    if (!auth.tenantId) {\n      return jsonError(400, 'Caller is not bound to a tenant.', 'tenant_required')\n    }\n\n    const repo = createConversationStorage(container)\n    const result = await repo.importLocalConversation(\n      {\n        conversation: {\n          conversationId: parseResult.data.conversation.conversationId,\n          agentId: parseResult.data.conversation.agentId,\n          title: parseResult.data.conversation.title ?? null,\n          status: parseResult.data.conversation.status,\n          pageContext: parseResult.data.conversation.pageContext ?? null,\n        },\n        messages: parseResult.data.messages,\n      },\n      {\n        tenantId: auth.tenantId,\n        organizationId: auth.orgId ?? null,\n        userId: auth.sub,\n      },\n    )\n    return NextResponse.json({\n      conversation: serializeAiChatConversation(result.conversation),\n      importedMessageCount: result.importedMessageCount,\n      skippedMessageCount: result.skippedMessageCount,\n    })\n  } catch (error) {\n    if (error instanceof Error && error.name === 'AiChatConversationAccessError') {\n      return jsonError(404, error.message, 'conversation_not_found')\n    }\n    console.error('[AI Conversation Import] Failure:', error)\n    return jsonError(\n      500,\n      error instanceof Error ? error.message : 'Failed to import conversation.',\n      'internal_error',\n    )\n  }\n}\n"],
+  "mappings": "AAAA,SAAS,oBAAsC;AAE/C,SAAS,0BAA0B;AACnC,SAAS,8BAA8B;AAEvC,SAAS,sCAAsC;AAC/C,SAAS,2BAA2B;AACpC;AAAA,EACE;AAAA,EACA;AAAA,OACK;AAEP,MAAM,mBAAmB;AAElB,MAAM,UAA2B;AAAA,EACtC,KAAK;AAAA,EACL,SAAS;AAAA,EACT,SAAS;AAAA,IACP,MAAM;AAAA,MACJ,aAAa;AAAA,MACb,SAAS;AAAA,MACT,aACE;AAAA,MAKF,WAAW;AAAA,QACT;AAAA,UACE,QAAQ;AAAA,UACR,aAAa;AAAA,UACb,WAAW;AAAA,QACb;AAAA,MACF;AAAA,MACA,QAAQ;AAAA,QACN,EAAE,QAAQ,KAAK,aAAa,wBAAwB;AAAA,QACpD,EAAE,QAAQ,KAAK,aAAa,0BAA0B;AAAA,QACtD,EAAE,QAAQ,KAAK,aAAa,gDAAgD;AAAA,MAC9E;AAAA,IACF;AAAA,EACF;AACF;AAEO,MAAM,WAAW;AAAA,EACtB,MAAM,EAAE,aAAa,MAAM,iBAAiB,CAAC,gBAAgB,EAAE;AACjE;AAEA,SAAS,UACP,QACA,SACA,MACA,OACc;AACd,SAAO,aAAa,KAAK,EAAE,OAAO,SAAS,MAAM,GAAI,SAAS,CAAC,EAAG,GAAG,EAAE,OAAO,CAAC;AACjF;AAEA,eAAsB,KAAK,KAAqC;AAC9D,QAAM,OAAO,MAAM,mBAAmB,GAAG;AACzC,MAAI,CAAC,KAAM,QAAO,UAAU,KAAK,gBAAgB,iBAAiB;AAElE,MAAI;AACJ,MAAI;AACF,cAAU,MAAM,IAAI,KAAK;AAAA,EAC3B,QAAQ;AACN,WAAO,UAAU,KAAK,oCAAoC,kBAAkB;AAAA,EAC9E;AACA,QAAM,cAAc,+BAA+B,UAAU,OAAO;AACpE,MAAI,CAAC,YAAY,SAAS;AACxB,WAAO,UAAU,KAAK,2BAA2B,oBAAoB;AAAA,MACnE,QAAQ,YAAY,MAAM;AAAA,IAC5B,CAAC;AAAA,EACH;AAEA,MAAI;AACF,UAAM,YAAY,MAAM,uBAAuB;AAC/C,UAAM,cAAc,UAAU,QAAqB,aAAa;AAChE,UAAM,MAAM,MAAM,YAAY,QAAQ,KAAK,KAAK;AAAA,MAC9C,UAAU,KAAK;AAAA,MACf,gBAAgB,KAAK;AAAA,IACvB,CAAC;AACD,QAAI,CAAC,oBAAoB,CAAC,gBAAgB,GAAG,IAAI,UAAU,IAAI,cAAc,WAAW,GAAG;AACzF,aAAO,UAAU,KAAK,kCAAkC,gBAAgB,MAAM,WAAW;AAAA,IAC3F;AACA,QAAI,CAAC,KAAK,UAAU;AAClB,aAAO,UAAU,KAAK,oCAAoC,iBAAiB;AAAA,IAC7E;AAEA,UAAM,OAAO,0BAA0B,SAAS;AAChD,UAAM,SAAS,MAAM,KAAK;AAAA,MACxB;AAAA,QACE,cAAc;AAAA,UACZ,gBAAgB,YAAY,KAAK,aAAa;AAAA,UAC9C,SAAS,YAAY,KAAK,aAAa;AAAA,UACvC,OAAO,YAAY,KAAK,aAAa,SAAS;AAAA,UAC9C,QAAQ,YAAY,KAAK,aAAa;AAAA,UACtC,aAAa,YAAY,KAAK,aAAa,eAAe;AAAA,QAC5D;AAAA,QACA,UAAU,YAAY,KAAK;AAAA,MAC7B;AAAA,MACA;AAAA,QACE,UAAU,KAAK;AAAA,QACf,gBAAgB,KAAK,SAAS;AAAA,QAC9B,QAAQ,KAAK;AAAA,MACf;AAAA,IACF;AACA,WAAO,aAAa,KAAK;AAAA,MACvB,cAAc,4BAA4B,OAAO,YAAY;AAAA,MAC7D,sBAAsB,OAAO;AAAA,MAC7B,qBAAqB,OAAO;AAAA,IAC9B,CAAC;AAAA,EACH,SAAS,OAAO;AACd,QAAI,iBAAiB,SAAS,MAAM,SAAS,iCAAiC;AAC5E,aAAO,UAAU,KAAK,MAAM,SAAS,wBAAwB;AAAA,IAC/D;AACA,YAAQ,MAAM,qCAAqC,KAAK;AACxD,WAAO;AAAA,MACL;AAAA,MACA,iBAAiB,QAAQ,MAAM,UAAU;AAAA,MACzC;AAAA,IACF;AAAA,EACF;AACF;",
+  "names": []
+}

package/dist/modules/ai_assistant/api/ai/conversations/route.js ADDED Viewed

@@ -0,0 +1,207 @@
+import { NextResponse } from "next/server";
+import { getAuthFromRequest } from "@open-mercato/shared/lib/auth/server";
+import { createRequestContainer } from "@open-mercato/shared/lib/di/container";
+import {
+  aiChatConversationCreateSchema,
+  aiChatConversationListQuerySchema
+} from "../../../data/validators.js";
+import { hasRequiredFeatures } from "../../../lib/auth.js";
+import {
+  createConversationStorage,
+  serializeAiChatConversation
+} from "../../../lib/conversation-storage.js";
+const REQUIRED_FEATURE = "ai_assistant.view";
+const MANAGE_CONVERSATIONS_FEATURE = "ai_assistant.conversations.manage";
+const openApi = {
+  tag: "AI Assistant",
+  summary: "Server-side AI chat conversations",
+  methods: {
+    GET: {
+      operationId: "aiAssistantListConversations",
+      summary: "List AI chat conversations visible to the caller.",
+      description: "Returns `{ items, nextCursor }` for the authenticated caller, ordered by `lastMessageAt` descending. View-only callers receive only their own conversations. Callers with `ai_assistant.conversations.manage` may list conversations across users in the same tenant/organization. The `agent` and `status` filters are optional; `cursor` is the ISO timestamp returned by a previous response.",
+      responses: [
+        {
+          status: 200,
+          description: "Caller-owned conversation summaries.",
+          mediaType: "application/json"
+        }
+      ],
+      errors: [
+        { status: 400, description: "Invalid query parameters." },
+        { status: 401, description: "Unauthenticated caller." },
+        { status: 403, description: "Caller lacks the `ai_assistant.view` feature." }
+      ]
+    },
+    POST: {
+      operationId: "aiAssistantCreateConversation",
+      summary: "Idempotently create a new AI chat conversation.",
+      description: "If a non-deleted conversation already exists with the supplied `conversationId` for the authenticated caller in this tenant/org, returns the existing summary. Otherwise creates a fresh row and writes the owner-participant row in the same transaction.",
+      responses: [
+        {
+          status: 200,
+          description: "Existing conversation (idempotent path).",
+          mediaType: "application/json"
+        },
+        {
+          status: 201,
+          description: "Newly created conversation.",
+          mediaType: "application/json"
+        }
+      ],
+      errors: [
+        { status: 400, description: "Invalid request body." },
+        { status: 401, description: "Unauthenticated caller." },
+        { status: 403, description: "Caller lacks the `ai_assistant.view` feature." }
+      ]
+    }
+  }
+};
+const metadata = {
+  GET: { requireAuth: true, requireFeatures: [REQUIRED_FEATURE] },
+  POST: { requireAuth: true, requireFeatures: [REQUIRED_FEATURE] }
+};
+function jsonError(status, message, code, extra) {
+  return NextResponse.json({ error: message, code, ...extra ?? {} }, { status });
+}
+async function loadCallerContext(req) {
+  const auth = await getAuthFromRequest(req);
+  if (!auth) return { kind: "unauthorized" };
+  const container = await createRequestContainer();
+  const rbacService = container.resolve("rbacService");
+  const acl = await rbacService.loadAcl(auth.sub, {
+    tenantId: auth.tenantId,
+    organizationId: auth.orgId
+  });
+  if (!hasRequiredFeatures([REQUIRED_FEATURE], acl.features, acl.isSuperAdmin, rbacService)) {
+    return { kind: "forbidden" };
+  }
+  const canManageConversations = hasRequiredFeatures(
+    [MANAGE_CONVERSATIONS_FEATURE],
+    acl.features,
+    acl.isSuperAdmin,
+    rbacService
+  );
+  if (!auth.tenantId) {
+    return { kind: "missing-tenant" };
+  }
+  return {
+    kind: "ok",
+    tenantId: auth.tenantId,
+    organizationId: auth.orgId ?? null,
+    userId: auth.sub,
+    canManageConversations
+  };
+}
+async function GET(req) {
+  const callerCtx = await loadCallerContext(req);
+  if (callerCtx.kind === "unauthorized") return jsonError(401, "Unauthorized", "unauthenticated");
+  if (callerCtx.kind === "forbidden") {
+    return jsonError(403, `Caller lacks required feature "${REQUIRED_FEATURE}".`, "forbidden");
+  }
+  if (callerCtx.kind === "missing-tenant") {
+    return NextResponse.json({ items: [], nextCursor: null });
+  }
+  const url = new URL(req.url);
+  const parseResult = aiChatConversationListQuerySchema.safeParse({
+    agent: url.searchParams.get("agent") ?? void 0,
+    status: url.searchParams.get("status") ?? void 0,
+    limit: url.searchParams.get("limit") ?? void 0,
+    cursor: url.searchParams.get("cursor") ?? void 0
+  });
+  if (!parseResult.success) {
+    return jsonError(400, "Invalid query parameters.", "validation_error", {
+      issues: parseResult.error.issues
+    });
+  }
+  try {
+    const container = await createRequestContainer();
+    const repo = createConversationStorage(container);
+    const result = await repo.list(
+      {
+        tenantId: callerCtx.tenantId,
+        organizationId: callerCtx.organizationId,
+        userId: callerCtx.userId,
+        canManageConversations: callerCtx.canManageConversations
+      },
+      {
+        agentId: parseResult.data.agent ?? null,
+        status: parseResult.data.status ?? null,
+        limit: parseResult.data.limit,
+        cursor: parseResult.data.cursor ?? null
+      }
+    );
+    return NextResponse.json({
+      items: result.items.map(serializeAiChatConversation),
+      nextCursor: result.nextCursor
+    });
+  } catch (error) {
+    console.error("[AI Conversations GET] Failure:", error);
+    return jsonError(
+      500,
+      error instanceof Error ? error.message : "Failed to list conversations.",
+      "internal_error"
+    );
+  }
+}
+async function POST(req) {
+  const callerCtx = await loadCallerContext(req);
+  if (callerCtx.kind === "unauthorized") return jsonError(401, "Unauthorized", "unauthenticated");
+  if (callerCtx.kind === "forbidden") {
+    return jsonError(403, `Caller lacks required feature "${REQUIRED_FEATURE}".`, "forbidden");
+  }
+  if (callerCtx.kind === "missing-tenant") {
+    return jsonError(400, "Caller is not bound to a tenant.", "tenant_required");
+  }
+  let rawBody;
+  try {
+    rawBody = await req.json();
+  } catch {
+    return jsonError(400, "Request body must be valid JSON.", "validation_error");
+  }
+  const parseResult = aiChatConversationCreateSchema.safeParse(rawBody);
+  if (!parseResult.success) {
+    return jsonError(400, "Invalid conversation payload.", "validation_error", {
+      issues: parseResult.error.issues
+    });
+  }
+  try {
+    const container = await createRequestContainer();
+    const repo = createConversationStorage(container);
+    const ctx = {
+      tenantId: callerCtx.tenantId,
+      organizationId: callerCtx.organizationId,
+      userId: callerCtx.userId,
+      canManageConversations: false
+    };
+    const beforeRow = parseResult.data.conversationId ? await repo.getById(parseResult.data.conversationId, ctx) : null;
+    const row = await repo.createOrGet(
+      {
+        conversationId: parseResult.data.conversationId,
+        agentId: parseResult.data.agentId,
+        title: parseResult.data.title ?? null,
+        pageContext: parseResult.data.pageContext ?? null
+      },
+      ctx
+    );
+    const status = beforeRow ? 200 : 201;
+    return NextResponse.json(serializeAiChatConversation(row), { status });
+  } catch (error) {
+    if (error instanceof Error && error.name === "AiChatConversationAccessError") {
+      return jsonError(404, error.message, "conversation_not_found");
+    }
+    console.error("[AI Conversations POST] Failure:", error);
+    return jsonError(
+      500,
+      error instanceof Error ? error.message : "Failed to create conversation.",
+      "internal_error"
+    );
+  }
+}
+export {
+  GET,
+  POST,
+  metadata,
+  openApi
+};
+//# sourceMappingURL=route.js.map