npm - @open-mercato/ai-assistant - Versions diffs - 0.6.3-develop.3901.1.ddad60693a → 0.6.3 - Mend

@open-mercato/ai-assistant 0.6.3-develop.3901.1.ddad60693a → 0.6.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (80) hide show

package/src/modules/ai_assistant/__integration__/TC-AI-sharing-06-deep-link.spec.ts ADDED Viewed

@@ -0,0 +1,117 @@
+import { test, expect } from '@playwright/test';
+import { login } from '@open-mercato/core/modules/core/__integration__/helpers/auth';
+/**
+ * TC-AI-sharing-06: Deep-link auto-open via ?openAiConversation=<id>
+ *
+ * Regression test for the bug where navigating to
+ * `/backend?openAiConversation=<id>` failed to open the AiAssistantLauncher
+ * chat sheet — because the launcher read window.location.search only on mount
+ * and AppShell never remounts during client-side navigation.
+ *
+ * Fix: replaced mount-only useEffect with useSearchParams() from next/navigation,
+ * which is reactive to URL changes in both hard and client-side navigations.
+ *
+ * Also verifies the URL-cleanup behaviour: after the deep-link is handled the
+ * launcher strips ?openAiConversation from the URL via router.replace() so
+ * subsequent normal chat opens don't inherit the shared conversation.
+ *
+ * API routes are fully stubbed — no live LLM is called.
+ */
+test.describe('TC-AI-sharing-06: deep-link auto-open from ?openAiConversation', () => {
+  const STUB_CONV_ID = 'test-shared-conv-01';
+  const STUB_AGENT_ID = 'customers.account_assistant';
+  const agentsStub = {
+    agents: [
+      {
+        id: STUB_AGENT_ID,
+        moduleId: 'customers',
+        label: 'Account assistant',
+        description: 'Helps with customer accounts.',
+        executionMode: 'chat',
+        mutationPolicy: 'read-only',
+        allowedTools: [],
+        requiredFeatures: [],
+        acceptedMediaTypes: [],
+        hasOutputSchema: false,
+      },
+    ],
+    total: 1,
+    aiConfigured: true,
+  };
+  const conversationStub = {
+    conversation: {
+      conversationId: STUB_CONV_ID,
+      agentId: STUB_AGENT_ID,
+      title: 'Shared conversation',
+      status: 'open',
+      visibility: 'shared',
+      pageContext: null,
+      createdAt: new Date().toISOString(),
+      updatedAt: new Date().toISOString(),
+      lastMessageAt: null,
+      importedFromLocalAt: null,
+      isOwner: false,
+    },
+    messages: [],
+    nextCursor: null,
+  };
+  async function setupStubs(page: import('@playwright/test').Page) {
+    await page.route('**/api/ai_assistant/health', (route) =>
+      route.fulfill({ status: 200, contentType: 'application/json', body: JSON.stringify({ healthy: true }) }),
+    );
+    await page.route('**/api/ai_assistant/ai/agents', (route) =>
+      route.fulfill({ status: 200, contentType: 'application/json', body: JSON.stringify(agentsStub) }),
+    );
+    await page.route(`**/api/ai_assistant/ai/conversations/${STUB_CONV_ID}**`, (route) =>
+      route.fulfill({ status: 200, contentType: 'application/json', body: JSON.stringify(conversationStub) }),
+    );
+  }
+  test('chat sheet opens when page loads with ?openAiConversation param', async ({ page }) => {
+    await login(page, 'superadmin');
+    await setupStubs(page);
+    await page.goto(`/backend?openAiConversation=${STUB_CONV_ID}`, { waitUntil: 'domcontentloaded' });
+    await expect(page.locator('[data-ai-launcher-sheet]')).toBeVisible({ timeout: 10_000 });
+  });
+  test('URL param is stripped after deep-link is handled', async ({ page }) => {
+    await login(page, 'superadmin');
+    await setupStubs(page);
+    await page.goto(`/backend?openAiConversation=${STUB_CONV_ID}`, { waitUntil: 'domcontentloaded' });
+    // Wait for the chat to open (deep-link was handled).
+    await expect(page.locator('[data-ai-launcher-sheet]')).toBeVisible({ timeout: 10_000 });
+    // The launcher calls router.replace(pathname) after opening, stripping the
+    // param. The URL should no longer contain openAiConversation.
+    await expect(page).not.toHaveURL(/openAiConversation/, { timeout: 5_000 });
+  });
+  test('deep-link is ignored when conversation fetch returns 403', async ({ page }) => {
+    await login(page, 'superadmin');
+    await page.route('**/api/ai_assistant/health', (route) =>
+      route.fulfill({ status: 200, contentType: 'application/json', body: JSON.stringify({ healthy: true }) }),
+    );
+    await page.route('**/api/ai_assistant/ai/agents', (route) =>
+      route.fulfill({ status: 200, contentType: 'application/json', body: JSON.stringify(agentsStub) }),
+    );
+    // Simulate conversation that the viewer has no access to.
+    await page.route(`**/api/ai_assistant/ai/conversations/${STUB_CONV_ID}**`, (route) =>
+      route.fulfill({ status: 403, contentType: 'application/json', body: JSON.stringify({ error: 'forbidden' }) }),
+    );
+    await page.goto(`/backend?openAiConversation=${STUB_CONV_ID}`, { waitUntil: 'domcontentloaded' });
+    // Launcher should be visible but chat sheet must NOT auto-open.
+    await expect(page.locator('[data-ai-launcher-trigger]')).toBeVisible({ timeout: 10_000 });
+    await expect(page.locator('[data-ai-launcher-sheet]')).not.toBeVisible();
+  });
+});

package/src/modules/ai_assistant/__integration__/TC-AI-sharing-07-owner-label.spec.ts ADDED Viewed

@@ -0,0 +1,159 @@
+import { test, expect } from '@playwright/test';
+import { login } from '@open-mercato/core/modules/core/__integration__/helpers/auth';
+/**
+ * TC-AI-sharing-07: Owner message label in shared-conversation viewer mode
+ *
+ * Regression test for the bug where user-role messages in a shared
+ * conversation always rendered as "You" for the viewer, even when they were
+ * written by the conversation owner and had no senderUserId (common for
+ * conversations imported from local storage).
+ *
+ * Root cause: `isOtherUsersMessage` included `&& message.senderUserId != null`,
+ * but imported messages don't carry senderUserId. Since viewers can never send
+ * messages (the composer is hidden), ALL user-role messages when isOwner===false
+ * belong to the owner.
+ *
+ * Fix: removed the senderUserId guard from MessageRow in AiChat.tsx.
+ *
+ * Assertions:
+ *   - [data-ai-chat-read-only-notice] is visible (confirms isOwner===false path)
+ *   - user-role messages show "Owner" label, not "You" / "Ty"
+ *   - assistant messages show "Assistant"
+ *   - composer is hidden (read-only viewer mode)
+ */
+test.describe('TC-AI-sharing-07: viewer sees Owner label on owner messages', () => {
+  const STUB_CONV_ID = 'test-shared-conv-02';
+  const STUB_AGENT_ID = 'customers.account_assistant';
+  const agentsStub = {
+    agents: [
+      {
+        id: STUB_AGENT_ID,
+        moduleId: 'customers',
+        label: 'Account assistant',
+        description: 'Helps with customer accounts.',
+        executionMode: 'chat',
+        mutationPolicy: 'read-only',
+        allowedTools: [],
+        requiredFeatures: [],
+        acceptedMediaTypes: [],
+        hasOutputSchema: false,
+      },
+    ],
+    total: 1,
+    aiConfigured: true,
+  };
+  // Conversation where isOwner===false (viewer). Messages have senderUserId:null
+  // because they were imported from local storage — this was the triggering
+  // condition of the bug.
+  const conversationStub = {
+    conversation: {
+      conversationId: STUB_CONV_ID,
+      agentId: STUB_AGENT_ID,
+      title: 'Shared conversation',
+      status: 'open',
+      visibility: 'shared',
+      pageContext: null,
+      createdAt: new Date().toISOString(),
+      updatedAt: new Date().toISOString(),
+      lastMessageAt: null,
+      importedFromLocalAt: new Date().toISOString(),
+      isOwner: false,
+    },
+    messages: [
+      {
+        id: 'msg-u1',
+        clientMessageId: 'cmsg-u1',
+        role: 'user',
+        content: 'What are the open deals for Acme?',
+        uiParts: [],
+        attachmentIds: [],
+        files: [],
+        model: null,
+        metadata: null,
+        createdAt: new Date().toISOString(),
+        // Deliberately null — imported messages never have senderUserId.
+        senderUserId: null,
+      },
+      {
+        id: 'msg-a1',
+        clientMessageId: 'cmsg-a1',
+        role: 'assistant',
+        content: 'I found 3 open deals for Acme Corp.',
+        uiParts: [],
+        attachmentIds: [],
+        files: [],
+        model: 'claude-haiku-4-5',
+        metadata: null,
+        createdAt: new Date().toISOString(),
+        senderUserId: null,
+      },
+    ],
+    nextCursor: null,
+  };
+  test('viewer sees Owner/Assistant labels and read-only notice', async ({ page }) => {
+    await login(page, 'superadmin');
+    await page.route('**/api/ai_assistant/health', (route) =>
+      route.fulfill({ status: 200, contentType: 'application/json', body: JSON.stringify({ healthy: true }) }),
+    );
+    await page.route('**/api/ai_assistant/ai/agents', (route) =>
+      route.fulfill({ status: 200, contentType: 'application/json', body: JSON.stringify(agentsStub) }),
+    );
+    await page.route(`**/api/ai_assistant/ai/conversations/${STUB_CONV_ID}**`, (route) =>
+      route.fulfill({ status: 200, contentType: 'application/json', body: JSON.stringify(conversationStub) }),
+    );
+    await page.goto(`/backend?openAiConversation=${STUB_CONV_ID}`, { waitUntil: 'domcontentloaded' });
+    const sheet = page.locator('[data-ai-launcher-sheet]');
+    await expect(sheet).toBeVisible({ timeout: 10_000 });
+    // Read-only notice must be present for a viewer.
+    await expect(sheet.locator('[data-ai-chat-read-only-notice]')).toBeVisible();
+    // User-role messages (from owner, senderUserId=null) must show "Owner", not "You".
+    const userMessages = sheet.locator('[data-role="user"]');
+    await expect(userMessages.first()).toBeVisible();
+    // The label is the first text-xs div inside the message header.
+    const userLabel = userMessages.first().locator('div.text-xs').first();
+    await expect(userLabel).toHaveText(/owner/i);
+    // Regression guard: must NOT show "You" or "Ty".
+    await expect(userLabel).not.toHaveText(/^you$/i);
+    // Assistant messages must still show "Assistant".
+    const assistantMessages = sheet.locator('[data-role="assistant"]');
+    await expect(assistantMessages.first()).toBeVisible();
+    const assistantLabel = assistantMessages.first().locator('div.text-xs').first();
+    await expect(assistantLabel).toHaveText(/assistant/i);
+  });
+  test('viewer composer is hidden (cannot send messages)', async ({ page }) => {
+    await login(page, 'superadmin');
+    await page.route('**/api/ai_assistant/health', (route) =>
+      route.fulfill({ status: 200, contentType: 'application/json', body: JSON.stringify({ healthy: true }) }),
+    );
+    await page.route('**/api/ai_assistant/ai/agents', (route) =>
+      route.fulfill({ status: 200, contentType: 'application/json', body: JSON.stringify(agentsStub) }),
+    );
+    await page.route(`**/api/ai_assistant/ai/conversations/${STUB_CONV_ID}**`, (route) =>
+      route.fulfill({ status: 200, contentType: 'application/json', body: JSON.stringify(conversationStub) }),
+    );
+    await page.goto(`/backend?openAiConversation=${STUB_CONV_ID}`, { waitUntil: 'domcontentloaded' });
+    const sheet = page.locator('[data-ai-launcher-sheet]');
+    await expect(sheet).toBeVisible({ timeout: 10_000 });
+    // The composer form is hidden via className when isOwner===false.
+    // It should not be visible to the user.
+    const composer = sheet.locator('form[data-ai-chat-composer], [data-ai-chat-composer]');
+    // Either not present or hidden.
+    const isComposerVisible = await composer.isVisible().catch(() => false);
+    expect(isComposerVisible).toBe(false);
+  });
+});

package/src/modules/ai_assistant/__tests__/integration/ai-chat-sharing.test.ts ADDED Viewed

@@ -0,0 +1,406 @@
+import {
+  AiChatConversation,
+  AiChatConversationParticipant,
+  AiChatMessage,
+} from '../../data/entities'
+import {
+  AiChatConversationRepository,
+} from '../../data/repositories/AiChatConversationRepository'
+// ─── In-memory ORM mock ────────────────────────────────────────────────────
+type ConvRow = {
+  id: string
+  tenantId: string
+  organizationId: string | null
+  conversationId: string
+  agentId: string
+  ownerUserId: string
+  title: string | null
+  status: 'open' | 'closed'
+  visibility: 'private' | 'shared' | 'organization'
+  pageContext: Record<string, unknown> | null
+  lastMessageAt: Date | null
+  importedFromLocalAt: Date | null
+  createdAt: Date
+  updatedAt: Date
+  deletedAt: Date | null
+}
+type ParticipantRow = {
+  id: string
+  tenantId: string
+  organizationId: string | null
+  conversationId: string
+  userId: string
+  role: 'owner' | 'viewer' | 'commenter'
+  lastReadAt: Date | null
+  deletedAt: Date | null
+  createdAt: Date
+  updatedAt: Date
+}
+let idCounter = 0
+function matchesWhere(row: Record<string, any>, where: any): boolean {
+  if (!where) return true
+  for (const key of Object.keys(where)) {
+    if (key === '$or') {
+      const branches: any[] = where.$or
+      if (!branches.some((branch) => matchesWhere(row, branch))) return false
+      continue
+    }
+    const expected = where[key]
+    const actual = row[key] ?? null
+    if (expected && typeof expected === 'object') {
+      if ('$lt' in expected) {
+        const lt = expected.$lt as Date
+        if (!(actual instanceof Date) || !(actual.getTime() < lt.getTime())) return false
+        continue
+      }
+      if ('$in' in expected) {
+        const list = expected.$in as unknown[]
+        if (!list.includes(actual)) return false
+        continue
+      }
+      if ('$ne' in expected) {
+        if (actual === expected.$ne) return false
+        continue
+      }
+    }
+    if (expected === null) {
+      if (actual !== null && actual !== undefined) return false
+      continue
+    }
+    if (actual !== expected) return false
+  }
+  return true
+}
+function entityKey(entity: unknown): 'conv' | 'participant' | 'message' | null {
+  if (entity === AiChatConversation) return 'conv'
+  if (entity === AiChatConversationParticipant) return 'participant'
+  if (entity === AiChatMessage) return 'message'
+  return null
+}
+function mockEm() {
+  const stores: Record<'conv' | 'participant' | 'message', any[]> = {
+    conv: [],
+    participant: [],
+    message: [],
+  }
+  const find = async (entity: unknown, where: any, options?: any): Promise<any[]> => {
+    const key = entityKey(entity)
+    if (!key) return []
+    let rows = stores[key].filter((row) => matchesWhere(row, where))
+    if (typeof options?.limit === 'number') rows = rows.slice(0, options.limit)
+    return rows
+  }
+  const pendingPersist: any[] = []
+  const em: any = {
+    find,
+    findOne: async (entity: unknown, where: any) => {
+      const rows = await find(entity, where)
+      return rows[0] ?? null
+    },
+    count: async (entity: unknown, where: any): Promise<number> => {
+      const rows = await find(entity, where)
+      return rows.length
+    },
+    create: (entity: unknown, data: any) => {
+      idCounter += 1
+      const key = entityKey(entity)
+      if (key === 'conv') {
+        const row: ConvRow = {
+          id: `conv-${idCounter}`,
+          tenantId: data.tenantId,
+          organizationId: data.organizationId ?? null,
+          conversationId: data.conversationId,
+          agentId: data.agentId ?? 'test-agent',
+          ownerUserId: data.ownerUserId,
+          title: data.title ?? null,
+          status: data.status ?? 'open',
+          visibility: data.visibility ?? 'private',
+          pageContext: data.pageContext ?? null,
+          lastMessageAt: data.lastMessageAt ?? null,
+          importedFromLocalAt: data.importedFromLocalAt ?? null,
+          createdAt: new Date(),
+          updatedAt: new Date(),
+          deletedAt: data.deletedAt ?? null,
+        }
+        return row
+      }
+      if (key === 'participant') {
+        const row: ParticipantRow = {
+          id: `part-${idCounter}`,
+          tenantId: data.tenantId,
+          organizationId: data.organizationId ?? null,
+          conversationId: data.conversationId,
+          userId: data.userId,
+          role: data.role ?? 'owner',
+          lastReadAt: data.lastReadAt ?? null,
+          deletedAt: data.deletedAt ?? null,
+          createdAt: new Date(),
+          updatedAt: new Date(),
+        }
+        return row
+      }
+      throw new Error(`Unknown entity in mock EM`)
+    },
+    persist: (row: any) => {
+      pendingPersist.push(row)
+      return em
+    },
+    flush: async () => {
+      while (pendingPersist.length > 0) {
+        const row = pendingPersist.shift()
+        if (!row) continue
+        const key: 'conv' | 'participant' | 'message' = row.id.startsWith('conv-')
+          ? 'conv'
+          : row.id.startsWith('part-')
+            ? 'participant'
+            : 'message'
+        const store = stores[key]
+        const idx = store.findIndex((c) => c.id === row.id)
+        if (idx >= 0) store[idx] = row
+        else store.push(row)
+      }
+    },
+    transactional: async (fn: (tx: any) => Promise<unknown>) => fn(em),
+    __stores: stores,
+  }
+  return em
+}
+// ─── Helpers ──────────────────────────────────────────────────────────────
+function seedConversation(
+  em: ReturnType<typeof mockEm>,
+  overrides: Partial<ConvRow> & { conversationId: string; tenantId: string; ownerUserId: string },
+) {
+  idCounter += 1
+  const row: ConvRow = {
+    id: `conv-${idCounter}`,
+    organizationId: null,
+    agentId: 'test-agent',
+    title: null,
+    status: 'open',
+    visibility: 'private',
+    pageContext: null,
+    lastMessageAt: null,
+    importedFromLocalAt: null,
+    createdAt: new Date(),
+    updatedAt: new Date(),
+    deletedAt: null,
+    ...overrides,
+  }
+  em.__stores.conv.push(row)
+  return row
+}
+function seedParticipant(
+  em: ReturnType<typeof mockEm>,
+  overrides: Partial<ParticipantRow> & { conversationId: string; tenantId: string; userId: string },
+) {
+  idCounter += 1
+  const row: ParticipantRow = {
+    id: `part-${idCounter}`,
+    organizationId: null,
+    role: 'viewer',
+    lastReadAt: null,
+    deletedAt: null,
+    createdAt: new Date(),
+    updatedAt: new Date(),
+    ...overrides,
+  }
+  em.__stores.participant.push(row)
+  return row
+}
+// ─── Test suite ───────────────────────────────────────────────────────────
+const TENANT_A = 'tenant-alpha'
+const TENANT_B = 'tenant-beta'
+const CONV_ID = 'conv-share-001'
+const OWNER_ID = 'user-owner'
+const VIEWER_ID = 'user-viewer'
+const STRANGER_ID = 'user-stranger'
+describe('TC-AI-sharing-01: owner access baseline', () => {
+  it('owner can retrieve their own conversation via getById', async () => {
+    const em = mockEm()
+    seedConversation(em, {
+      conversationId: CONV_ID,
+      tenantId: TENANT_A,
+      ownerUserId: OWNER_ID,
+    })
+    const repo = new AiChatConversationRepository(em)
+    const result = await repo.getById(CONV_ID, {
+      tenantId: TENANT_A,
+      organizationId: null,
+      userId: OWNER_ID,
+      canManageConversations: false,
+    })
+    expect(result).not.toBeNull()
+    expect(result?.conversationId).toBe(CONV_ID)
+    expect(result?.ownerUserId).toBe(OWNER_ID)
+  })
+})
+describe('TC-AI-sharing-02: participant access', () => {
+  it('viewer participant can access a shared conversation via getById', async () => {
+    const em = mockEm()
+    seedConversation(em, {
+      conversationId: CONV_ID,
+      tenantId: TENANT_A,
+      ownerUserId: OWNER_ID,
+      visibility: 'shared',
+    })
+    seedParticipant(em, {
+      conversationId: CONV_ID,
+      tenantId: TENANT_A,
+      userId: VIEWER_ID,
+      role: 'viewer',
+    })
+    const repo = new AiChatConversationRepository(em)
+    const result = await repo.getById(CONV_ID, {
+      tenantId: TENANT_A,
+      organizationId: null,
+      userId: VIEWER_ID,
+      canManageConversations: false,
+    })
+    expect(result).not.toBeNull()
+    expect(result?.conversationId).toBe(CONV_ID)
+  })
+  it('participant also sees shared conversation in list', async () => {
+    const em = mockEm()
+    seedConversation(em, {
+      conversationId: CONV_ID,
+      tenantId: TENANT_A,
+      ownerUserId: OWNER_ID,
+      visibility: 'shared',
+    })
+    seedParticipant(em, {
+      conversationId: CONV_ID,
+      tenantId: TENANT_A,
+      userId: VIEWER_ID,
+      role: 'viewer',
+    })
+    const repo = new AiChatConversationRepository(em)
+    const { items } = await repo.list(
+      { tenantId: TENANT_A, organizationId: null, userId: VIEWER_ID, canManageConversations: false },
+    )
+    expect(items.some((c) => c.conversationId === CONV_ID)).toBe(true)
+  })
+})
+describe('TC-AI-sharing-03: non-participant denial', () => {
+  it('user without participant row cannot access another user\'s conversation', async () => {
+    const em = mockEm()
+    seedConversation(em, {
+      conversationId: CONV_ID,
+      tenantId: TENANT_A,
+      ownerUserId: OWNER_ID,
+    })
+    const repo = new AiChatConversationRepository(em)
+    const result = await repo.getById(CONV_ID, {
+      tenantId: TENANT_A,
+      organizationId: null,
+      userId: STRANGER_ID,
+      canManageConversations: false,
+    })
+    expect(result).toBeNull()
+  })
+  it('revoked participant (deletedAt set) cannot access the conversation', async () => {
+    const em = mockEm()
+    seedConversation(em, {
+      conversationId: CONV_ID,
+      tenantId: TENANT_A,
+      ownerUserId: OWNER_ID,
+      visibility: 'shared',
+    })
+    seedParticipant(em, {
+      conversationId: CONV_ID,
+      tenantId: TENANT_A,
+      userId: VIEWER_ID,
+      role: 'viewer',
+      deletedAt: new Date(),
+    })
+    const repo = new AiChatConversationRepository(em)
+    const result = await repo.getById(CONV_ID, {
+      tenantId: TENANT_A,
+      organizationId: null,
+      userId: VIEWER_ID,
+      canManageConversations: false,
+    })
+    expect(result).toBeNull()
+  })
+})
+describe('TC-AI-sharing-04: manager override', () => {
+  it('manager (canManageConversations=true) can access any conversation in their tenant', async () => {
+    const em = mockEm()
+    seedConversation(em, {
+      conversationId: CONV_ID,
+      tenantId: TENANT_A,
+      ownerUserId: OWNER_ID,
+    })
+    const repo = new AiChatConversationRepository(em)
+    const result = await repo.getById(CONV_ID, {
+      tenantId: TENANT_A,
+      organizationId: null,
+      userId: STRANGER_ID,
+      canManageConversations: true,
+    })
+    expect(result).not.toBeNull()
+    expect(result?.conversationId).toBe(CONV_ID)
+  })
+})
+describe('TC-AI-sharing-05: cross-tenant denial', () => {
+  it('participant row from a different tenant does not grant access', async () => {
+    const em = mockEm()
+    seedConversation(em, {
+      conversationId: CONV_ID,
+      tenantId: TENANT_A,
+      ownerUserId: OWNER_ID,
+    })
+    // Malicious scenario: participant row for VIEWER_ID but with TENANT_B tenant scope
+    seedParticipant(em, {
+      conversationId: CONV_ID,
+      tenantId: TENANT_B,
+      userId: VIEWER_ID,
+      role: 'viewer',
+    })
+    const repo = new AiChatConversationRepository(em)
+    // VIEWER_ID attempts access via TENANT_B context — should fail because the
+    // conversation belongs to TENANT_A, so findOneAccessibleConversation returns null.
+    const result = await repo.getById(CONV_ID, {
+      tenantId: TENANT_B,
+      organizationId: null,
+      userId: VIEWER_ID,
+      canManageConversations: false,
+    })
+    expect(result).toBeNull()
+  })
+})

package/src/modules/ai_assistant/acl.ts CHANGED Viewed

@@ -2,6 +2,7 @@ export const features = [
   { id: 'ai_assistant.view', title: 'View AI Assistant Settings', module: 'ai_assistant' },
   { id: 'ai_assistant.settings.manage', title: 'Manage AI Assistant Settings', module: 'ai_assistant' },
   { id: 'ai_assistant.conversations.manage', title: 'Manage AI Assistant Conversations', module: 'ai_assistant' },
+  { id: 'ai_assistant.conversations.share', title: 'Share AI Assistant Conversations', module: 'ai_assistant' },
   { id: 'ai_assistant.mcp.serve', title: 'Start MCP Server', module: 'ai_assistant' },
   { id: 'ai_assistant.tools.list', title: 'List MCP Tools', module: 'ai_assistant' },
   { id: 'ai_assistant.mcp_servers.view', title: 'View MCP Server Configurations', module: 'ai_assistant' },

package/src/modules/ai_assistant/api/ai/chat/route.ts CHANGED Viewed

@@ -650,6 +650,9 @@ export async function POST(req: NextRequest): Promise<Response> {
         attachmentIds: bodyResult.data.attachmentIds,
       })
     } catch (error) {
+      if (error instanceof Error && error.name === 'AiChatConversationOrgNotFoundError') {
+        return jsonError(400, error.message, 'organization_not_found')
+      }
       console.error('[AI Chat Agent] Failed to persist user message:', error)
     }