@resolveio/server-lib 20.14.28 → 20.14.29

package/methods/ai-terminal.d.ts

@@ -18,5 +18,25 @@ export type AiAssistantMongoReadInput = {
         readonly?: boolean;
     };
 };
+export type AiAssistantMongoAggregateInput = {
+    database?: string;
+    collection?: string;
+    query?: Record<string, any>;
+    pipeline?: Array<Record<string, any>>;
+    options?: {
+        allowDiskUse?: boolean;
+        maxTimeMS?: number;
+        limit?: number;
+    };
+    permissionView?: string;
+    id_client?: string;
+    mongo?: {
+        database?: string;
+        databases?: string[];
+        access?: string;
+        readonly?: boolean;
+    };
+};
 export declare function loadAiTerminalMethods(methodManager: any): void;
 export declare function executeAiAssistantMongoRead(payload: AiAssistantMongoReadInput, context: any): Promise<any>;
+export declare function executeAiAssistantMongoAggregate(payload: AiAssistantMongoAggregateInput, context: any): Promise<any>;

package/methods/ai-terminal.js

@@ -14,6 +14,17 @@ var __extends = (this && this.__extends) || (function () {
         d.prototype = b === null ? Object.create(b) : (__.prototype = b.prototype, new __());
     };
 })();
+var __assign = (this && this.__assign) || function () {
+    __assign = Object.assign || function(t) {
+        for (var s, i = 1, n = arguments.length; i < n; i++) {
+            s = arguments[i];
+            for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p))
+                t[p] = s[p];
+        }
+        return t;
+    };
+    return __assign.apply(this, arguments);
+};
 var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
     function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
     return new (P || (P = Promise))(function (resolve, reject) {
@@ -50,17 +61,6 @@ var __generator = (this && this.__generator) || function (thisArg, body) {
         if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
     }
 };
-var __values = (this && this.__values) || function(o) {
-    var s = typeof Symbol === "function" && Symbol.iterator, m = s && o[s], i = 0;
-    if (m) return m.call(o);
-    if (o && typeof o.length === "number") return {
-        next: function () {
-            if (o && i >= o.length) o = void 0;
-            return { value: o && o[i++], done: !o };
-        }
-    };
-    throw new TypeError(s ? "Object is not iterable." : "Symbol.iterator is not defined.");
-};
 var __read = (this && this.__read) || function (o, n) {
     var m = typeof Symbol === "function" && o[Symbol.iterator];
     if (!m) return o;
@@ -77,9 +77,30 @@ var __read = (this && this.__read) || function (o, n) {
     }
     return ar;
 };
+var __spreadArray = (this && this.__spreadArray) || function (to, from, pack) {
+    if (pack || arguments.length === 2) for (var i = 0, l = from.length, ar; i < l; i++) {
+        if (ar || !(i in from)) {
+            if (!ar) ar = Array.prototype.slice.call(from, 0, i);
+            ar[i] = from[i];
+        }
+    }
+    return to.concat(ar || Array.prototype.slice.call(from));
+};
+var __values = (this && this.__values) || function(o) {
+    var s = typeof Symbol === "function" && Symbol.iterator, m = s && o[s], i = 0;
+    if (m) return m.call(o);
+    if (o && typeof o.length === "number") return {
+        next: function () {
+            if (o && i >= o.length) o = void 0;
+            return { value: o && o[i++], done: !o };
+        }
+    };
+    throw new TypeError(s ? "Object is not iterable." : "Symbol.iterator is not defined.");
+};
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.loadAiTerminalMethods = loadAiTerminalMethods;
 exports.executeAiAssistantMongoRead = executeAiAssistantMongoRead;
+exports.executeAiAssistantMongoAggregate = executeAiAssistantMongoAggregate;
 var fs_1 = require("fs");
 var events_1 = require("events");
 var os = require("os");
@@ -157,17 +178,21 @@ var AI_ASSISTANT_SYSTEM_PROMPT = [
     '- If the user explicitly asks to create/open/file a support ticket, end your response with a single line exactly in this format:',
     '- SUPPORT_TICKET_CREATE: <one-line summary>',
     '- Only include that line when the user clearly wants a ticket created. Do not claim a ticket is created unless you include that line.',
+    '- Do not end responses with tentative phrasing like "I could" or "I’m going to." Complete the request or state what is required to proceed.',
+    '- Use the codebase context to choose correct collections/fields/workflows and use MONGO_READ/MONGO_AGG to answer with real data when needed.',
     '- For direct questions, answer first. Ask a single follow-up only if required to run a query or resolve missing details.',
     '- If you need database data to answer, end your response with a single line exactly in this format:',
     '- MONGO_READ: {"collection":"<name>","query":{...},"options":{"projection":{...},"sort":{...},"limit":20},"permissionView":"</route>"}',
+    '- If you need grouped/aggregated data (totals by user, rankings, trends), end your response with a single line exactly in this format:',
+    '- MONGO_AGG: {"collection":"<name>","pipeline":[...],"options":{"allowDiskUse":true,"limit":20},"permissionView":"</route>"}',
     '- For invoice data, set permissionView to an invoice route (ex: /invoice/list or /report/invoice).',
     '- Keep queries minimal, read-only, and avoid user/credential data unless the user is a super admin.',
     '- Assume you are not a super admin unless explicitly told otherwise.',
     '- Only request data when the user has permission for that module; invoice data requires invoice view access.',
     '- If the user lacks permission, answer without data and explain how to view it in the app or request access.',
-    '- For counts, totals, or time-range metrics, always use MONGO_READ. Do not guess or return 0 without data.',
-    '- Before issuing MONGO_READ, verify the collection name and key fields by checking collection/model definitions in the current app (look for "collectionName:" and date fields like date_created/date_completed/createdAt). Do not invent collection names.',
-    '- Use MONGO_READ only to produce summaries/snapshots/health checks (not raw dumps) when permitted.',
+    '- For simple counts or time-range totals, use MONGO_READ (includeTotal). For breakdowns, rankings, or sums grouped by a field, use MONGO_AGG.',
+    '- Before issuing MONGO_READ or MONGO_AGG, verify the collection name and key fields by checking collection/model definitions in the current app (look for "collectionName:" and date fields like date_created/date_completed/createdAt). Do not invent collection names.',
+    '- Use MONGO_READ/MONGO_AGG only to produce summaries/snapshots/health checks (not raw dumps) when permitted.',
     '- When referencing data, summarize it in bullets and avoid raw JSON or dumps.',
     '- Keep responses concise and use low reasoning effort.'
 ].join('\n');
@@ -452,6 +477,24 @@ function loadAiTerminalMethods(methodManager) {
                 });
             }
         },
+        aiAssistantMongoAggregate: {
+            check: new simpl_schema_1.default({
+                payload: {
+                    type: Object,
+                    blackbox: true
+                }
+            }),
+            function: function (payload) {
+                return __awaiter(this, void 0, void 0, function () {
+                    return __generator(this, function (_a) {
+                        switch (_a.label) {
+                            case 0: return [4 /*yield*/, executeAiAssistantMongoAggregate(payload, this)];
+                            case 1: return [2 /*return*/, _a.sent()];
+                        }
+                    });
+                });
+            }
+        },
         aiCoderTerminalDeployTest: {
             check: new simpl_schema_1.default({
                 id_conversation: {
@@ -903,6 +946,74 @@ function executeAiAssistantMongoRead(payload, context) {
         });
     });
 }
+function executeAiAssistantMongoAggregate(payload, context) {
+    return __awaiter(this, void 0, void 0, function () {
+        var input, collection, _a, user, isSuperAdmin, customerId, dbName, db, baseQuery, userId, normalizedClient, shouldScopeByClient, _b, clientScopedQuery, scopedQuery, normalizedPipeline, pipelineWithScope, normalizedOptions, limitedPipeline, documents, sanitizedDocuments;
+        var _c;
+        return __generator(this, function (_d) {
+            switch (_d.label) {
+                case 0:
+                    input = payload || {};
+                    collection = normalizeOptionalString(input.collection);
+                    if (!collection) {
+                        throw new Error('AI assistant mongo aggregate: Collection is required.');
+                    }
+                    return [4 /*yield*/, ensureAssistantReadAccess(context, input.permissionView, collection)];
+                case 1:
+                    _a = _d.sent(), user = _a.user, isSuperAdmin = _a.isSuperAdmin;
+                    if (!isSuperAdmin && AI_ASSISTANT_BLOCKED_COLLECTIONS.has(collection)) {
+                        throw new Error('AI assistant mongo aggregate: Access denied.');
+                    }
+                    customerId = normalizeOptionalString((_c = user === null || user === void 0 ? void 0 : user.other) === null || _c === void 0 ? void 0 : _c.id_customer);
+                    dbName = resolveAssistantDatabaseName(input.database, input.mongo);
+                    db = resolveio_server_app_1.ResolveIOServer.getMongoConnection().db(dbName);
+                    baseQuery = normalizeMongoQuery(input.query);
+                    if (!isSuperAdmin && (collection === 'users' || collection === 'user-versions')) {
+                        userId = normalizeOptionalString(user === null || user === void 0 ? void 0 : user._id);
+                        if (!userId) {
+                            throw new Error('AI assistant mongo aggregate: Access denied.');
+                        }
+                        baseQuery = {
+                            $and: [baseQuery, { _id: userId }]
+                        };
+                    }
+                    normalizedClient = normalizeOptionalString(input.id_client);
+                    if (!(!isSuperAdmin && normalizedClient)) return [3 /*break*/, 3];
+                    return [4 /*yield*/, collectionHasClientIndex(db, dbName, collection)];
+                case 2:
+                    _b = _d.sent();
+                    return [3 /*break*/, 4];
+                case 3:
+                    _b = false;
+                    _d.label = 4;
+                case 4:
+                    shouldScopeByClient = _b;
+                    clientScopedQuery = shouldScopeByClient
+                        ? applyClientScopeFilter(baseQuery, normalizedClient, isSuperAdmin)
+                        : baseQuery;
+                    scopedQuery = applyCustomerScopeFilter(clientScopedQuery, collection, customerId, isSuperAdmin);
+                    normalizedPipeline = normalizeAssistantAggregatePipeline(input.pipeline);
+                    pipelineWithScope = buildAssistantAggregatePipeline(scopedQuery, normalizedPipeline);
+                    normalizedOptions = normalizeAssistantAggregateOptions(input.options);
+                    limitedPipeline = applyAssistantAggregateLimit(pipelineWithScope, normalizedOptions.limit);
+                    if (containsForbiddenMongoOperators(limitedPipeline)) {
+                        throw new Error('AI assistant mongo aggregate: Pipeline contains restricted operators.');
+                    }
+                    return [4 /*yield*/, db.collection(collection)
+                            .aggregate(limitedPipeline, normalizedOptions.aggregateOptions)
+                            .toArray()];
+                case 5:
+                    documents = _d.sent();
+                    sanitizedDocuments = isSuperAdmin
+                        ? documents
+                        : documents.map(function (doc) { return redactSensitiveFields((0, common_1.deepCopy)(doc)); });
+                    return [2 /*return*/, {
+                            documents: sanitizedDocuments
+                        }];
+            }
+        });
+    });
+}
 function ensureAssistantReadAccess(context, permissionView, collection) {
     return __awaiter(this, void 0, void 0, function () {
         var idUser, user, isSuperAdmin, normalizedPermission, normalizedCollection;
@@ -979,6 +1090,76 @@ function normalizeAssistantFindOptions(options) {
         includeTotal: normalized.includeTotal === true
     };
 }
+function normalizeAssistantAggregatePipeline(pipeline) {
+    if (!Array.isArray(pipeline)) {
+        return [];
+    }
+    return pipeline.filter(function (stage) { return stage && typeof stage === 'object' && !Array.isArray(stage); });
+}
+function buildAssistantAggregatePipeline(query, pipeline) {
+    var _a;
+    var scopedPipeline = Array.isArray(pipeline) ? __spreadArray([], __read(pipeline), false) : [];
+    if (!query || !Object.keys(query).length) {
+        return scopedPipeline;
+    }
+    if (scopedPipeline.length && ((_a = scopedPipeline[0]) === null || _a === void 0 ? void 0 : _a.$geoNear) && typeof scopedPipeline[0].$geoNear === 'object') {
+        var geoNearStage = __assign({}, scopedPipeline[0].$geoNear);
+        var existingQuery = geoNearStage.query && typeof geoNearStage.query === 'object' ? geoNearStage.query : {};
+        geoNearStage.query = { $and: [existingQuery, query] };
+        return __spreadArray([{ $geoNear: geoNearStage }], __read(scopedPipeline.slice(1)), false);
+    }
+    return __spreadArray([{ $match: query }], __read(scopedPipeline), false);
+}
+function normalizeAssistantAggregateOptions(options) {
+    var normalized = options || {};
+    var allowDiskUse = normalized.allowDiskUse === true ? true : undefined;
+    var maxTimeMS = typeof normalized.maxTimeMS === 'number' && normalized.maxTimeMS > 0
+        ? (0, common_1.round)(normalized.maxTimeMS)
+        : undefined;
+    var limit = typeof normalized.limit === 'number'
+        ? Math.min(Math.max((0, common_1.round)(normalized.limit), 0), AI_ASSISTANT_MONGO_MAX_LIMIT)
+        : undefined;
+    var aggregateOptions = {};
+    if (allowDiskUse !== undefined) {
+        aggregateOptions.allowDiskUse = allowDiskUse;
+    }
+    if (maxTimeMS !== undefined) {
+        aggregateOptions.maxTimeMS = maxTimeMS;
+    }
+    return {
+        aggregateOptions: aggregateOptions,
+        limit: limit
+    };
+}
+function findAggregateLimit(pipeline) {
+    for (var i = 0; i < pipeline.length; i += 1) {
+        var stage = pipeline[i];
+        if (!stage || typeof stage !== 'object') {
+            continue;
+        }
+        var limit = stage.$limit;
+        if (typeof limit === 'number' && Number.isFinite(limit)) {
+            return limit;
+        }
+    }
+    return null;
+}
+function applyAssistantAggregateLimit(pipeline, limit) {
+    var normalizedPipeline = Array.isArray(pipeline) ? __spreadArray([], __read(pipeline), false) : [];
+    var maxLimit = AI_ASSISTANT_MONGO_MAX_LIMIT;
+    var requestedLimit = typeof limit === 'number' && limit > 0
+        ? Math.min(limit, maxLimit)
+        : AI_ASSISTANT_MONGO_DEFAULT_LIMIT;
+    var existingLimit = findAggregateLimit(normalizedPipeline);
+    if (existingLimit === null) {
+        normalizedPipeline.push({ $limit: requestedLimit });
+        return normalizedPipeline;
+    }
+    if (existingLimit > maxLimit) {
+        normalizedPipeline.push({ $limit: maxLimit });
+    }
+    return normalizedPipeline;
+}
 function normalizeMongoQuery(query) {
     var normalized = query && typeof query === 'object' ? query : {};
     if (containsForbiddenMongoOperators(normalized)) {