@saltcorn/copilot 0.7.5 → 0.8.0

package/actions/generate-workflow.js

@@ -14,7 +14,7 @@ const optionNames = (options = []) =>
     .map((opt) =>
       typeof opt === "string"
         ? opt
-        : opt?.name || opt?.label || opt?.value || "",
+        : opt?.name || opt?.label || opt?.value || ""
     )
     .filter(Boolean);
 
@@ -39,8 +39,12 @@ const summarizeTriggerActionMatrix = () => {
       const pool = table_triggers.includes(when) ? allActions : noRowActions;
       return `* ${when}: ${joinOptionNames(pool)}`;
     });
-    const notes = `Triggers requiring a table context: ${table_triggers.join(", ")}.
-Additional triggers that commonly use contextual only_if checks: ${additional_triggers_with_onlyif.join(", ")}.`;
+    const notes = `Triggers requiring a table context: ${table_triggers.join(
+      ", "
+    )}.
+Additional triggers that commonly use contextual only_if checks: ${additional_triggers_with_onlyif.join(
+      ", "
+    )}.`;
     return `${notes}
 ${lines.join("\n")}`;
   } catch (e) {
@@ -58,8 +62,10 @@ const summarizeTables = async () => {
     const rows = tables.map((table) => {
       const description = table.description ? ` – ${table.description}` : "";
       const fields = (table.fields || [])
-        .slice(0, 8)
-        .map((f) => `${f.name}:${fieldType(f)}`)
+        .map((f) => {
+          const tag = f.calculated && !f.stored ? " (virtual, read-only)" : "";
+          return `${f.name}:${fieldType(f)}${tag}`;
+        })
         .join(", ");
       const fieldText = fields ? ` fields: ${fields}` : "";
       return `* ${table.name}${description}${fieldText}`;
@@ -77,7 +83,7 @@ const steps = async () => {
 
   let stateActions = getState().actions;
   const stateActionList = Object.entries(stateActions).filter(
-    ([k, v]) => !v.disableInWorkflow,
+    ([k, v]) => !v.disableInWorkflow
   );
 
   const stepTypeAndCfg = Object.keys(actionExplainers).map((actionName) => {
@@ -85,7 +91,7 @@ const steps = async () => {
       step_type: { type: "string", enum: [actionName] },
     };
     const myFields = actionFields.filter(
-      (f) => f.showIf?.wf_action_name === actionName,
+      (f) => f.showIf?.wf_action_name === actionName
     );
     const required = ["step_type"];
     myFields.forEach((f) => {
@@ -147,14 +153,15 @@ const steps = async () => {
       const table = Table.findOne({ id: trigger.table_id });
       const fieldSpecs = [];
       table.fields.forEach((f) => {
+        if (f.calculated && !f.stored) return; // virtual fields have no DB column
         // TODO fkeys dereferenced.
         fieldSpecs.push(`${f.name} with ${f.pretty_type} type`);
       });
       properties.row_expr = {
         type: "string",
         description: `JavaScript expression for the input to the action. This should be an expression for an object, with the following field name and types: ${fieldSpecs.join(
-          "; ",
-        )}.`,
+          "; "
+        )}. IMPORTANT: omit any non-stored calculated fields — they have no database column and cannot be written. Only include regular fields and stored calculated fields. Keep this expression simple: it should reference values already in the context, not perform inline queries or complex logic. If the values are not yet in context, add a dedicated preceding step (TableQuery, run_js_code, or whichever fits) to fetch or compute them first.`,
       };
     }
     const required = ["step_type"];
@@ -218,7 +225,9 @@ class GenerateWorkflow {
           enum: Trigger.when_options,
         },
         trigger_table: {
-          description: `If the workflow trigger is ${table_triggers.join(", ")}, the name of the table that triggers the workflow`,
+          description: `If the workflow trigger is ${table_triggers.join(
+            ", "
+          )}, the name of the table that triggers the workflow`,
           type: "string",
         },
       },
@@ -229,7 +238,7 @@ class GenerateWorkflow {
     const actionExplainers = WorkflowStep.builtInActionExplainers();
     let stateActions = getState().actions;
     const stateActionList = Object.entries(stateActions).filter(
-      ([k, v]) => !v.disableInWorkflow,
+      ([k, v]) => !v.disableInWorkflow
     );
     const [tableSummary, triggerMatrix] = await Promise.all([
       summarizeTables(),
@@ -242,30 +251,42 @@ class GenerateWorkflow {
       .filter(Boolean)
       .join("\n\n");
 
-    return `Use the generate_workflow tool to construct computational workflows according to specifications. You must create 
+    return `Use the generate_workflow tool to construct computational workflows according to specifications. You must create
   the workflow by calling the generate_workflow tool, with the step required to implement the specification.
-  
+
   ${contextBlocks}
-  
-  The steps are specified as JSON objects. Each step has a name, specified in the step_name key in the JSON object. 
+
+  The steps are specified as JSON objects. Each step has a name, specified in the step_name key in the JSON object.
   The step name should be a valid JavaScript identifier.
-  
+
   When the user explicitly names an action/step type (for example "ForLoop" or "Toast"), ensure the generated workflow contains at least one step whose step_configuration.step_type exactly matches every requested action. Only skip this if the action genuinely does not exist; in that case, clearly explain the omission in the workflow description.
 
+  CRITICAL — non-stored calculated fields cannot be written:
+  In the table summary above, fields marked (virtual, read-only) are non-stored calculated fields — they have no database column and are computed on-the-fly by Saltcorn. Never include such fields in modify_row row expressions, run_js_code return objects, or SQL UPDATE statements. If you see a field in the table summary marked (virtual, read-only), treat it as read-only everywhere: omit it from any write operation. Only regular fields and stored calculated fields (not marked virtual) have database columns and can be written. Virtual fields refresh automatically when the fields they depend on change — no explicit update is needed.
+
+  IMPORTANT — keep row expressions simple; use dedicated steps for data fetching:
+  Row expressions (e.g. in modify_row) should be simple references to values already in the context — not inline queries or complex logic. If the values you need are not already in context, add a dedicated step before the row expression step to fetch or compute them and write the results into the context. Choose the step type that fits the job: TableQuery to query a table, run_js_code for custom computation, or any other appropriate step. Each step should do one clear thing; the row expression then just picks the relevant context values.
+
+  CRITICAL — every workflow must form a single connected chain from the first step to the last:
+  - Every step except the very last one MUST have a next_step that names another step in the workflow.
+  - The very last step must have next_step omitted or set to an empty string to terminate the workflow.
+  - No step may be an island: every step must be reachable by following next_step links from the first step.
+  - Before submitting, mentally trace the path: first_step → next_step → … → last_step. If any step is unreachable or any link is missing, fix it before calling the tool.
+
   Each run of the workflow is executed in the presence of a context, which is a JavaScript object that individual
-  steps can read values from and write values to. This context is a state that is persisted on disk for each workflow 
-  run. 
-  
-  Each step can have a next_step key which is the name of the next step, or a JavaScript expression which evaluates 
-  to the name of the next step based on the context. In the evaluation of the next step, each value in the context is 
-  in scope and can be addressed directly. Identifiers for the step names are also in scope, the name of the next step 
-  can be used directly without enclosing it in quotes to form a string. 
-  
+  steps can read values from and write values to. This context is a state that is persisted on disk for each workflow
+  run.
+
+  Each step can have a next_step key which is the name of the next step, or a JavaScript expression which evaluates
+  to the name of the next step based on the context. In the evaluation of the next step, each value in the context is
+  in scope and can be addressed directly. Identifiers for the step names are also in scope, the name of the next step
+  can be used directly without enclosing it in quotes to form a string.
+
   For example, if the context contains a value x which is an integer and you have steps named "too_low" and "too_high",
   and you would like the next step to be too_low if x is less than 10 and too_high otherwise,
   use this as the next_step expression: x<10 ? too_low : too_high
-  
-  If the next_step is omitted then the workflow terminates.
+
+  If the next_step is omitted then the workflow terminates. Only the final step should have next_step omitted.
   
   Each step has a step_configuration object which contains the step type and the specific parameters of 
   that step type. You should specify the step type in the step_type subfield of the step_configuration
@@ -282,9 +303,11 @@ class GenerateWorkflow {
   step types:
   
   run_js_code: if the step_type is "run_js_code" then the step object should include the JavaScript code to be executed in the "code"
-  key. You can use await in the code if you need to run asynchronous code. The values in the context are directly in scope and can be accessed using their name. In addition, the variable 
+  key. You can use await in the code if you need to run asynchronous code. The values in the context are directly in scope and can be accessed using their name. In addition, the variable
   "context" is also in scope and can be used to address the context as a whole. To write values to the context, return an
-  object. The values in this object will be written into the current context. If a value already exists in the context 
+  object. The following Saltcorn models are already available in scope without any require: Table, Row, Field, User, View, Trigger, Page, File — use them directly.
+  When you need to require other modules, always use a plain require call, e.g. const moment = require('moment');
+  NEVER use the pattern const X = X || require(...) — this causes a ReferenceError because const variables cannot be referenced before initialization. The values in this object will be written into the current context. If a value already exists in the context 
   it will be overwritten. For example, If the context contains values x and y which are numbers and you would like to push
   the value "sum" which is the sum of x and y, then use this as the code: return {sum: x+y}. You cannot set the next step in the 
   return object or by returning a string from a run_js_code step, this will not work. To set the next step from a code action, always use the next_step property of the step object.
@@ -318,8 +341,25 @@ class GenerateWorkflow {
   static async execute(
     { workflow_steps, workflow_name, when_trigger, trigger_table },
     req,
+    context_vars
   ) {
-    const steps = this.process_all_steps(workflow_steps);
+    let allSteps = workflow_steps;
+    let initContextStep = null;
+    if (context_vars && Object.keys(context_vars).length) {
+      const firstUserStep = allSteps[0]?.step_name || "";
+      initContextStep = {
+        step_name: "init_context",
+        only_if: "",
+        next_step: firstUserStep,
+        step_configuration: {
+          step_type: "run_js_code",
+          run_where: "Server",
+          code: `return ${JSON.stringify(context_vars, null, 2)};`,
+        },
+      };
+      allSteps = [initContextStep, ...allSteps];
+    }
+    const steps = this.process_all_steps(allSteps);
     let table_id;
     if (trigger_table) {
       const table = Table.findOne({ name: trigger_table });
@@ -333,10 +373,17 @@ class GenerateWorkflow {
       action: "Workflow",
       configuration: {},
     });
-    for (const step of steps) {
+    // Insert user steps first so the init_context next_step target already
+    // exists in the DB when init_context is created.
+    const [initStep, ...userSteps] = initContextStep ? steps : [null, ...steps];
+    for (const step of initContextStep ? userSteps : steps) {
       step.trigger_id = trigger.id;
       await WorkflowStep.create(step);
     }
+    if (initStep) {
+      initStep.trigger_id = trigger.id;
+      await WorkflowStep.create(initStep);
+    }
     Trigger.emitEvent("AppChange", `Trigger ${trigger.name}`, req?.user, {
       entity_type: "Trigger",
       entity_name: trigger.name,
@@ -346,7 +393,7 @@ class GenerateWorkflow {
         "Workflow created. " +
         a(
           { target: "_blank", href: `/actions/configure/${trigger.id}` },
-          "Configure workflow.",
+          "Configure workflow."
         ),
     };
   }
@@ -364,14 +411,14 @@ class GenerateWorkflow {
         step.id = ix + 1;
       });
       const mmdia = WorkflowStep.generate_diagram(
-        steps.map((s) => new WorkflowStep(s)),
+        steps.map((s) => new WorkflowStep(s))
       );
       console.log({ mmdia });
       return (
         div(
           `${workflow_name}${when_trigger ? `: ${when_trigger}` : ""}${
             trigger_table ? ` on ${trigger_table}` : ""
-          }`,
+          }`
         ) +
         pre({ class: "mermaid" }, mmdia) +
         script(
@@ -380,13 +427,13 @@ class GenerateWorkflow {
             mermaid.initialize({ startOnLoad: false });
             mermaid.run({ querySelector: ".mermaid" });
           });
-        `),
-        ) 
+        `)
+        )
       );
     }
 
     return `A workflow! Step names: ${workflow_steps.map(
-      (s) => s.step_name,
+      (s) => s.step_name
     )}. Upgrade Saltcorn to see diagrams in copilot`;
   }
 

package/actions/install-plugin-action.js

@@ -0,0 +1,103 @@
+// Core install logic. Deprecated chat-copilot format;
+// the Agent Chat structure uses agent-skills/install-plugin.js instead.
+const { getState } = require("@saltcorn/data/db/state");
+const db = require("@saltcorn/data/db");
+const Plugin = require("@saltcorn/data/models/plugin");
+const { div, span, a } = require("@saltcorn/markup/tags");
+
+class InstallPluginAction {
+  static title = "Install Plugin";
+  static function_name = "install_plugin";
+  static description = "Install a Saltcorn plugin from the store or from npm";
+
+  static json_schema() {
+    return {
+      type: "object",
+      properties: {
+        plugin_name: {
+          description:
+            "Name of the plugin as it appears in the Saltcorn plugin store (e.g. 'maps', 'chart'). Use this when the user refers to a plugin by its friendly name.",
+          type: "string",
+        },
+        npm_package: {
+          description:
+            "NPM package name to install directly (e.g. '@saltcorn/fullcalendar'). Use this when the user specifies an npm package name.",
+          type: "string",
+        },
+      },
+    };
+  }
+
+  static async system_prompt() {
+    return (
+      `Use the install_plugin function to install a Saltcorn plugin when the user asks to install, add, or enable a plugin. ` +
+      `Prefer plugin_name (store lookup) when the user gives a human-readable name. ` +
+      `Use npm_package when the user supplies an npm package name. ` +
+      `Do not install the same plugin twice; check if it is already installed first.`
+    );
+  }
+
+  static render_html({ plugin_name, npm_package }) {
+    const label = plugin_name || npm_package;
+    return div(
+      { class: "mb-2" },
+      span({ class: "badge bg-secondary me-2" }, "Plugin"),
+      span({ class: "fw-bold" }, label)
+    );
+  }
+
+  static async execute({ plugin_name, npm_package }, req) {
+    const schema = db.getTenantSchema();
+
+    // Resolve the plugin object
+    let plugin;
+    if (plugin_name) {
+      plugin = await Plugin.store_by_name(plugin_name);
+      if (!plugin) {
+        return { postExec: `Plugin "${plugin_name}" not found in store.` };
+      }
+      // strip any existing DB id so we insert fresh
+      delete plugin.id;
+    } else if (npm_package) {
+      plugin = new Plugin({
+        name: npm_package,
+        source: "npm",
+        location: npm_package,
+      });
+    } else {
+      return { postExec: "Please provide a plugin name or npm package." };
+    }
+
+    // Check already installed
+    const existing = await Plugin.findOne({ name: plugin.name });
+    if (existing) {
+      return {
+        postExec:
+          `Plugin "${plugin.name}" is already installed. ` +
+          a({ target: "_blank", href: `/plugins` }, "Manage plugins."),
+      };
+    }
+
+    const force = schema === db.connectObj.default_schema;
+
+    try {
+      const msgs = await Plugin.loadAndSaveNewPlugin(
+        plugin,
+        force,
+        undefined,
+        (s) => s,
+        true // allowUnsafeOnTenantsWithoutConfigSetting
+      );
+      const warnings = (msgs || []).map((m) => `<br>⚠ ${m}`).join("");
+      return {
+        postExec:
+          `Plugin "${plugin.name}" installed successfully.${warnings} ` +
+          a({ target: "_blank", href: `/plugins` }, "Manage plugins."),
+      };
+    } catch (e) {
+      return { postExec: `Error installing plugin: ${e.message}` };
+    }
+  }
+}
+
+module.exports = InstallPluginAction;

package/agent-skills/app-constructor-context.js

@@ -0,0 +1,25 @@
+const user_registration_hints = `User registration notes:
+* The "users" table is built-in. Passwords are platform-managed — never add a password field to a view.
+* Signup uses a built-in form, not an Edit view.
+* For verification/confirmation emails after registration, create a Trigger with event "Insert" on "users".
+  The trigger must use a Workflow action with a single step of type "run_js_code". Do NOT use the send_email action — it will not work for verification. The run_js_code step must contain exactly:
+  const { send_verification_email } = require("@saltcorn/data/models/email");
+  await send_verification_email(row, req);`;
+
+class AppConstructorContextSkill {
+  static skill_name = "AppConstructor Context";
+
+  get skill_label() {
+    return "AppConstructor Context";
+  }
+
+  constructor(cfg) {
+    Object.assign(this, cfg);
+  }
+
+  async systemPrompt() {
+    return user_registration_hints;
+  }
+}
+
+module.exports = AppConstructorContextSkill;