npm - @open-mercato/ai-assistant - Versions diffs - 0.6.3-develop.3901.1.ddad60693a → 0.6.3 - Mend

@open-mercato/ai-assistant 0.6.3-develop.3901.1.ddad60693a → 0.6.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (80) hide show

package/src/modules/ai_assistant/api/ai/conversations/[conversationId]/participants/[userId]/route.ts ADDED Viewed

@@ -0,0 +1,149 @@
+import { NextResponse, type NextRequest } from 'next/server'
+import { z } from 'zod'
+import type { OpenApiRouteDoc } from '@open-mercato/shared/lib/openapi'
+import { getAuthFromRequest } from '@open-mercato/shared/lib/auth/server'
+import { createRequestContainer } from '@open-mercato/shared/lib/di/container'
+import type { RbacService } from '@open-mercato/core/modules/auth/services/rbacService'
+import { hasRequiredFeatures } from '../../../../../../lib/auth'
+import {
+  AiChatConversationAccessError,
+  AiChatParticipantNotFoundError,
+  createConversationStorage,
+} from '../../../../../../lib/conversation-storage'
+import { emitAiAssistantEvent } from '../../../../../../events'
+const REQUIRED_FEATURE = 'ai_assistant.view'
+const MANAGE_CONVERSATIONS_FEATURE = 'ai_assistant.conversations.manage'
+const SHARE_CONVERSATIONS_FEATURE = 'ai_assistant.conversations.share'
+const participantParamsSchema = z.object({
+  conversationId: z
+    .string()
+    .trim()
+    .min(1, 'conversationId must be a non-empty string')
+    .max(128, 'conversationId exceeds the maximum length of 128 characters'),
+  userId: z.string().uuid('userId must be a valid UUID'),
+})
+export const openApi: OpenApiRouteDoc = {
+  tag: 'AI Assistant',
+  summary: 'Revoke a conversation participant',
+  methods: {
+    DELETE: {
+      operationId: 'aiAssistantRevokeConversationParticipant',
+      summary: 'Revoke a participant from a conversation (soft-delete).',
+      description:
+        'Soft-deletes the participant row. If no active non-owner participants remain, ' +
+        'the conversation visibility is reset to "private". ' +
+        'Only the conversation owner or a manager may revoke participants.',
+      responses: [
+        {
+          status: 204,
+          description: 'Participant revoked.',
+        },
+      ],
+      errors: [
+        { status: 400, description: 'Invalid path parameters.' },
+        { status: 401, description: 'Unauthenticated caller.' },
+        { status: 403, description: 'Caller lacks required features or is not the owner.' },
+        { status: 404, description: 'Conversation not found.' },
+      ],
+    },
+  },
+}
+export const metadata = {
+  DELETE: { requireAuth: true, requireFeatures: [REQUIRED_FEATURE] },
+}
+interface RouteContext {
+  params: Promise<{ conversationId: string; userId: string }>
+}
+function jsonError(
+  status: number,
+  message: string,
+  code: string,
+  extra?: Record<string, unknown>,
+): NextResponse {
+  return NextResponse.json({ error: message, code, ...(extra ?? {}) }, { status })
+}
+export async function DELETE(req: NextRequest, context: RouteContext): Promise<Response> {
+  const auth = await getAuthFromRequest(req)
+  if (!auth) return jsonError(401, 'Unauthorized', 'unauthenticated')
+  const rawParams = await context.params
+  const parseResult = participantParamsSchema.safeParse(rawParams)
+  if (!parseResult.success) {
+    return jsonError(400, 'Invalid path parameters.', 'validation_error', {
+      issues: parseResult.error.issues,
+    })
+  }
+  if (!auth.tenantId) return jsonError(404, 'Conversation not found.', 'conversation_not_found')
+  const container = await createRequestContainer()
+  const rbacService = container.resolve<RbacService>('rbacService')
+  const acl = await rbacService.loadAcl(auth.sub, {
+    tenantId: auth.tenantId,
+    organizationId: auth.orgId,
+  })
+  if (!hasRequiredFeatures([REQUIRED_FEATURE], acl.features, acl.isSuperAdmin, rbacService)) {
+    return jsonError(403, `Caller lacks required feature "${REQUIRED_FEATURE}".`, 'forbidden')
+  }
+  const canShare = hasRequiredFeatures(
+    [SHARE_CONVERSATIONS_FEATURE],
+    acl.features,
+    acl.isSuperAdmin,
+    rbacService,
+  )
+  if (!canShare) {
+    return jsonError(
+      403,
+      `Caller lacks required feature "${SHARE_CONVERSATIONS_FEATURE}".`,
+      'forbidden',
+    )
+  }
+  try {
+    const repo = createConversationStorage(container)
+    await repo.revokeParticipant(
+      parseResult.data.conversationId,
+      parseResult.data.userId,
+      {
+        tenantId: auth.tenantId,
+        organizationId: auth.orgId ?? null,
+        userId: auth.sub,
+        canManageConversations: hasRequiredFeatures(
+          [MANAGE_CONVERSATIONS_FEATURE],
+          acl.features,
+          acl.isSuperAdmin,
+          rbacService,
+        ),
+      },
+    )
+    try {
+      await emitAiAssistantEvent(
+        'ai_assistant.conversation.unshared',
+        {
+          conversationId: parseResult.data.conversationId,
+          tenantId: auth.tenantId,
+          organizationId: auth.orgId ?? null,
+          ownerUserId: auth.sub,
+          participantUserId: parseResult.data.userId,
+        },
+        { persistent: false },
+      )
+    } catch {
+      // non-fatal
+    }
+    return new NextResponse(null, { status: 204 })
+  } catch (err) {
+    if (err instanceof AiChatParticipantNotFoundError) {
+      return jsonError(404, err.message || 'Participant not found or already revoked.', 'participant_not_found')
+    }
+    if (err instanceof AiChatConversationAccessError) {
+      return jsonError(403, err.message || 'Access denied.', 'forbidden')
+    }
+    return jsonError(500, 'Internal server error.', 'internal_error')
+  }
+}

package/src/modules/ai_assistant/api/ai/conversations/[conversationId]/participants/route.ts ADDED Viewed

@@ -0,0 +1,314 @@
+import { NextResponse, type NextRequest } from 'next/server'
+import { z } from 'zod'
+import type { EntityManager } from '@mikro-orm/postgresql'
+import type { FilterQuery } from '@mikro-orm/core'
+import type { OpenApiRouteDoc } from '@open-mercato/shared/lib/openapi'
+import { getAuthFromRequest } from '@open-mercato/shared/lib/auth/server'
+import { createRequestContainer } from '@open-mercato/shared/lib/di/container'
+import { findOneWithDecryption } from '@open-mercato/shared/lib/encryption/find'
+import type { RbacService } from '@open-mercato/core/modules/auth/services/rbacService'
+import { User } from '@open-mercato/core/modules/auth/data/entities'
+import { hasRequiredFeatures } from '../../../../../lib/auth'
+import {
+  createConversationStorage,
+  AiChatConversationAccessError,
+  AiChatConversationDuplicateParticipantError,
+} from '../../../../../lib/conversation-storage'
+import { emitAiAssistantEvent } from '../../../../../events'
+const REQUIRED_FEATURE = 'ai_assistant.view'
+const MANAGE_CONVERSATIONS_FEATURE = 'ai_assistant.conversations.manage'
+const SHARE_CONVERSATIONS_FEATURE = 'ai_assistant.conversations.share'
+const conversationIdParamSchema = z.object({
+  conversationId: z
+    .string()
+    .trim()
+    .min(1, 'conversationId must be a non-empty string')
+    .max(128, 'conversationId exceeds the maximum length of 128 characters'),
+})
+const addParticipantBodySchema = z.object({
+  userId: z.string().uuid('userId must be a valid UUID'),
+  role: z.enum(['viewer']).default('viewer'),
+})
+export const openApi: OpenApiRouteDoc = {
+  tag: 'AI Assistant',
+  summary: 'Manage conversation participants',
+  methods: {
+    GET: {
+      operationId: 'aiAssistantListConversationParticipants',
+      summary: 'List active participants of a conversation.',
+      description:
+        'Returns the list of active (non-revoked) participants for the conversation. ' +
+        'Only the conversation owner or a caller with `ai_assistant.conversations.manage` can call this endpoint.',
+      responses: [
+        {
+          status: 200,
+          description: 'List of active participants.',
+          mediaType: 'application/json',
+        },
+      ],
+      errors: [
+        { status: 401, description: 'Unauthenticated caller.' },
+        { status: 403, description: 'Caller lacks required features.' },
+        { status: 404, description: 'Conversation not found or not accessible.' },
+      ],
+    },
+    POST: {
+      operationId: 'aiAssistantAddConversationParticipant',
+      summary: 'Add a participant to a conversation.',
+      description:
+        'Grants a named user read access to the conversation. Requires `ai_assistant.conversations.share`. ' +
+        'Only the conversation owner may add participants. If the user was previously revoked, the soft-deleted row is restored.',
+      responses: [
+        {
+          status: 201,
+          description: 'Participant added; conversation visibility updated to "shared".',
+          mediaType: 'application/json',
+        },
+      ],
+      errors: [
+        { status: 400, description: 'Invalid request body.' },
+        { status: 401, description: 'Unauthenticated caller.' },
+        { status: 403, description: 'Caller lacks required feature or is not the owner.' },
+        { status: 404, description: 'Conversation not found.' },
+      ],
+    },
+  },
+}
+export const metadata = {
+  GET: { requireAuth: true, requireFeatures: [REQUIRED_FEATURE] },
+  POST: { requireAuth: true, requireFeatures: [REQUIRED_FEATURE] },
+}
+interface RouteContext {
+  params: Promise<{ conversationId: string }>
+}
+function jsonError(
+  status: number,
+  message: string,
+  code: string,
+  extra?: Record<string, unknown>,
+): NextResponse {
+  return NextResponse.json({ error: message, code, ...(extra ?? {}) }, { status })
+}
+async function resolveCallerContext(req: NextRequest, context: RouteContext): Promise<
+  | { kind: 'unauthorized' }
+  | { kind: 'forbidden' }
+  | { kind: 'missing-tenant' }
+  | { kind: 'invalid-id'; issues: unknown }
+  | {
+      kind: 'ok'
+      tenantId: string
+      organizationId: string | null
+      userId: string
+      conversationId: string
+      canManageConversations: boolean
+      canShare: boolean
+    }
+> {
+  const auth = await getAuthFromRequest(req)
+  if (!auth) return { kind: 'unauthorized' }
+  const rawParams = await context.params
+  const parseResult = conversationIdParamSchema.safeParse(rawParams)
+  if (!parseResult.success) {
+    return { kind: 'invalid-id', issues: parseResult.error.issues }
+  }
+  const container = await createRequestContainer()
+  const rbacService = container.resolve<RbacService>('rbacService')
+  const acl = await rbacService.loadAcl(auth.sub, {
+    tenantId: auth.tenantId,
+    organizationId: auth.orgId,
+  })
+  if (!hasRequiredFeatures([REQUIRED_FEATURE], acl.features, acl.isSuperAdmin, rbacService)) {
+    return { kind: 'forbidden' }
+  }
+  if (!auth.tenantId) return { kind: 'missing-tenant' }
+  return {
+    kind: 'ok',
+    tenantId: auth.tenantId,
+    organizationId: auth.orgId ?? null,
+    userId: auth.sub,
+    conversationId: parseResult.data.conversationId,
+    canManageConversations: hasRequiredFeatures(
+      [MANAGE_CONVERSATIONS_FEATURE],
+      acl.features,
+      acl.isSuperAdmin,
+      rbacService,
+    ),
+    canShare: hasRequiredFeatures(
+      [SHARE_CONVERSATIONS_FEATURE],
+      acl.features,
+      acl.isSuperAdmin,
+      rbacService,
+    ),
+  }
+}
+export async function GET(req: NextRequest, context: RouteContext): Promise<Response> {
+  const callerCtx = await resolveCallerContext(req, context)
+  if (callerCtx.kind === 'unauthorized') return jsonError(401, 'Unauthorized', 'unauthenticated')
+  if (callerCtx.kind === 'invalid-id') {
+    return jsonError(400, 'Invalid conversation id.', 'validation_error', {
+      issues: callerCtx.issues,
+    })
+  }
+  if (callerCtx.kind === 'forbidden') {
+    return jsonError(403, `Caller lacks required feature "${REQUIRED_FEATURE}".`, 'forbidden')
+  }
+  if (callerCtx.kind === 'missing-tenant') {
+    return jsonError(404, 'Conversation not found.', 'conversation_not_found')
+  }
+  try {
+    const container = await createRequestContainer()
+    const repo = createConversationStorage(container)
+    const repoCtx = {
+      tenantId: callerCtx.tenantId,
+      organizationId: callerCtx.organizationId,
+      userId: callerCtx.userId,
+      canManageConversations: callerCtx.canManageConversations,
+    }
+    const conversation = await repo.getById(callerCtx.conversationId, repoCtx)
+    if (!conversation) {
+      return jsonError(404, 'Conversation not found.', 'conversation_not_found')
+    }
+    const participants = await repo.listParticipants(callerCtx.conversationId, repoCtx)
+    return NextResponse.json({
+      ownerUserId: conversation.ownerUserId,
+      participants: participants.map((p) => ({
+        userId: p.userId,
+        role: p.role,
+        lastReadAt: p.lastReadAt ? p.lastReadAt.toISOString() : null,
+        addedAt: p.createdAt.toISOString(),
+      })),
+    })
+  } catch (err) {
+    if (err instanceof AiChatConversationAccessError) {
+      return jsonError(403, 'Access denied.', 'forbidden')
+    }
+    return jsonError(500, 'Internal server error.', 'internal_error')
+  }
+}
+export async function POST(req: NextRequest, context: RouteContext): Promise<Response> {
+  const callerCtx = await resolveCallerContext(req, context)
+  if (callerCtx.kind === 'unauthorized') return jsonError(401, 'Unauthorized', 'unauthenticated')
+  if (callerCtx.kind === 'invalid-id') {
+    return jsonError(400, 'Invalid conversation id.', 'validation_error', {
+      issues: callerCtx.issues,
+    })
+  }
+  if (callerCtx.kind === 'forbidden') {
+    return jsonError(403, `Caller lacks required feature "${REQUIRED_FEATURE}".`, 'forbidden')
+  }
+  if (callerCtx.kind === 'missing-tenant') {
+    return jsonError(404, 'Conversation not found.', 'conversation_not_found')
+  }
+  if (!callerCtx.canShare) {
+    return jsonError(
+      403,
+      `Caller lacks required feature "${SHARE_CONVERSATIONS_FEATURE}".`,
+      'forbidden',
+    )
+  }
+  let body: unknown
+  try {
+    body = await req.json()
+  } catch {
+    return jsonError(400, 'Invalid JSON body.', 'invalid_body')
+  }
+  const parseResult = addParticipantBodySchema.safeParse(body)
+  if (!parseResult.success) {
+    return jsonError(400, 'Invalid request body.', 'validation_error', {
+      issues: parseResult.error.issues,
+    })
+  }
+  const targetUserId = parseResult.data.userId
+  if (targetUserId === callerCtx.userId) {
+    return jsonError(400, 'Cannot share a conversation with yourself.', 'self_share_not_allowed')
+  }
+  try {
+    const container = await createRequestContainer()
+    const em = container.resolve<EntityManager>('em')
+    const targetUserFilter: FilterQuery<User> = {
+      id: targetUserId,
+      tenantId: callerCtx.tenantId,
+      deletedAt: null,
+      ...(callerCtx.organizationId ? { organizationId: callerCtx.organizationId } : {}),
+    }
+    const targetUser = await findOneWithDecryption<User>(
+      em,
+      User,
+      targetUserFilter,
+      {},
+      { tenantId: callerCtx.tenantId, organizationId: callerCtx.organizationId },
+    )
+    if (!targetUser) {
+      return jsonError(
+        400,
+        'Target user must be a staff user in the same tenant and organization.',
+        'user_not_found',
+      )
+    }
+    const repo = createConversationStorage(container)
+    const participant = await repo.addParticipant(
+      callerCtx.conversationId,
+      targetUserId,
+      parseResult.data.role,
+      {
+        tenantId: callerCtx.tenantId,
+        organizationId: callerCtx.organizationId,
+        userId: callerCtx.userId,
+        canManageConversations: callerCtx.canManageConversations,
+      },
+    )
+    try {
+      await emitAiAssistantEvent(
+        'ai_assistant.conversation.shared',
+        {
+          conversationId: callerCtx.conversationId,
+          tenantId: callerCtx.tenantId,
+          organizationId: callerCtx.organizationId,
+          ownerUserId: callerCtx.userId,
+          participantUserId: participant.userId,
+          role: participant.role,
+        },
+        { persistent: false },
+      )
+    } catch {
+      // non-fatal
+    }
+    return NextResponse.json(
+      {
+        participant: {
+          userId: participant.userId,
+          role: participant.role,
+          lastReadAt: participant.lastReadAt ? participant.lastReadAt.toISOString() : null,
+          addedAt: participant.createdAt.toISOString(),
+        },
+      },
+      { status: 201 },
+    )
+  } catch (err) {
+    if (err instanceof AiChatConversationDuplicateParticipantError) {
+      return jsonError(409, err.message, 'duplicate_participant')
+    }
+    if (err instanceof AiChatConversationAccessError) {
+      return jsonError(404, 'Conversation not found.', 'conversation_not_found')
+    }
+    if (err instanceof Error && err.message.toLowerCase().includes('owner')) {
+      return jsonError(403, err.message, 'forbidden')
+    }
+    return jsonError(500, 'Internal server error.', 'internal_error')
+  }
+}

package/src/modules/ai_assistant/api/ai/conversations/[conversationId]/route.ts CHANGED Viewed

@@ -211,8 +211,16 @@ export async function GET(req: NextRequest, context: RouteContext): Promise<Resp
     if (!transcript) {
       return jsonError(404, 'Conversation not found.', 'conversation_not_found')
     }
+    const participantCount = await repo.getParticipantCount(
+      callerCtx.tenantId,
+      callerCtx.organizationId,
+      callerCtx.conversationId,
+    )
     return NextResponse.json({
-      conversation: serializeAiChatConversation(transcript.conversation),
+      conversation: serializeAiChatConversation(transcript.conversation, {
+        callerUserId: callerCtx.userId,
+        participantCount,
+      }),
       messages: transcript.messages.map(serializeAiChatMessage),
       nextCursor: transcript.nextCursor,
     })

package/src/modules/ai_assistant/api/ai/conversations/route.ts CHANGED Viewed

@@ -167,7 +167,7 @@ export async function GET(req: NextRequest): Promise<Response> {
       },
     )
     return NextResponse.json({
-      items: result.items.map(serializeAiChatConversation),
+      items: result.items.map((row) => serializeAiChatConversation(row)),
       nextCursor: result.nextCursor,
     })
   } catch (error) {
@@ -228,6 +228,9 @@ export async function POST(req: NextRequest): Promise<Response> {
     const status = beforeRow ? 200 : 201
     return NextResponse.json(serializeAiChatConversation(row), { status })
   } catch (error) {
+    if (error instanceof Error && error.name === 'AiChatConversationOrgNotFoundError') {
+      return jsonError(400, error.message, 'organization_not_found')
+    }
     if (error instanceof Error && error.name === 'AiChatConversationAccessError') {
       return jsonError(404, error.message, 'conversation_not_found')
     }

package/src/modules/ai_assistant/backend/config/ai-assistant/playground/AiPlaygroundPageClient.tsx CHANGED Viewed

@@ -15,6 +15,7 @@ import { EmptyState } from '@open-mercato/ui/backend/EmptyState'
 import { apiCall, apiCallOrThrow } from '@open-mercato/ui/backend/utils/apiCall'
 import { AiChat, createAiUiPartRegistry, LoopDisabledBanner, useAiShortcuts } from '@open-mercato/ui/ai'
 import type { AiChatDebugPromptSection, AiChatDebugTool } from '@open-mercato/ui/ai'
+import { ConversationShareButton } from '../../../../components/ConversationShareButton'
 type PlaygroundAgentTool = {
   name: string
@@ -301,6 +302,7 @@ function ChatLane({ agent, debug }: { agent: PlaygroundAgent; debug: boolean })
     [agent],
   )
   const [uiParts, setUiParts] = React.useState<PlaygroundUiPartSeed[]>([])
+  const [conversationId, setConversationId] = React.useState<string | null>(null)
   // Step 5.10: the dispatcher does not yet surface `AiUiPart` entries through
   // the plain-text stream consumed by `useAiChat`. For now the playground
@@ -345,6 +347,8 @@ function ChatLane({ agent, debug }: { agent: PlaygroundAgent; debug: boolean })
         debugTools={debugTools}
         debugPromptSections={debugPromptSections}
         uiParts={uiParts}
+        onConversationIdChange={setConversationId}
+        headerActions={conversationId ? <ConversationShareButton conversationId={conversationId} /> : null}
       />
     </div>
   )

package/src/modules/ai_assistant/components/ConversationShareButton.tsx ADDED Viewed

	@@ -0,0 +1 @@
1	+ export { ConversationShareButton } from '@open-mercato/ui/ai'

package/src/modules/ai_assistant/components/ConversationShareDialog.tsx ADDED Viewed

	@@ -0,0 +1 @@
1	+ export { ConversationShareDialog } from '@open-mercato/ui/ai'

package/src/modules/ai_assistant/data/entities.ts CHANGED Viewed

@@ -800,6 +800,7 @@ export class AiChatConversationParticipant {
     | 'organizationId'
     | 'role'
     | 'lastReadAt'
+    | 'deletedAt'
   @PrimaryKey({ type: 'uuid', defaultRaw: 'gen_random_uuid()' })
   id!: string
@@ -822,6 +823,9 @@ export class AiChatConversationParticipant {
   @Property({ name: 'last_read_at', type: Date, nullable: true })
   lastReadAt?: Date | null
+  @Property({ name: 'deleted_at', type: Date, nullable: true })
+  deletedAt?: Date | null
   @Property({ name: 'created_at', type: Date, onCreate: () => new Date() })
   createdAt: Date = new Date()