feat(ai-chat): agent write tools, provenance wiring, chat panel + provider settings UI" -m "Backend:
- Add reversible write tools to the per-user agent toolset (page create/update/ move/soft-delete; comment reply + resolve), exposed under the user's JWT and enforced by Docmost CASL; no permanent/force delete (D3). - Non-spoofable agent provenance: sign actor/aiChatId into the access and collab tokens (TokenService), propagate via jwt.strategy onto the request, and set pages.last_updated_source/last_updated_ai_chat_id on REST create/update/move and comments.created_source/resolved_source/ai_chat_id. - packages/mcp: add an optional getCollabToken provider (content-edit provenance) and guard against empty tokens; service-account /mcp path unchanged. Frontend: - Admin 'AI / Models' settings section: provider/model/embedding/base URL, a write-only API key field, system prompt, and Test connection. - AI chat panel (useChat + DefaultChatTransport): conversation list, streamed messages, tool-call action log and page citations; header entry point gated on settings.ai.chat. Compile-verified (server nest build + client tsc/vite); not yet live-tested. Known gaps: history 'AI agent' badge (C3), vector RAG (D), external MCP (E); chat tool-card citation links pending a fix. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -0,0 +1,27 @@
|
||||
import { createParamDecorator, ExecutionContext } from '@nestjs/common';
|
||||
|
||||
/**
|
||||
* The agent-edit provenance carried by the request, read from the SIGNED access
|
||||
* token (set by `jwt.strategy`). `actor` is 'agent' only for the internal AI
|
||||
* agent's minted token; every normal user request resolves to 'user'. Because
|
||||
* it comes from the signed claim — never a client body field — a normal user
|
||||
* cannot fake an 'agent' marker.
|
||||
*/
|
||||
export interface AuthProvenanceData {
|
||||
actor: 'user' | 'agent';
|
||||
aiChatId: string | null;
|
||||
}
|
||||
|
||||
/**
|
||||
* Resolve the request's provenance. Defaults to a 'user' actor when the claim
|
||||
* is absent (e.g. an endpoint reached without going through the access-token
|
||||
* strategy path), so callers can always set the marker unconditionally.
|
||||
*/
|
||||
export const AuthProvenance = createParamDecorator(
|
||||
(data: unknown, ctx: ExecutionContext): AuthProvenanceData => {
|
||||
const request = ctx.switchToHttp().getRequest();
|
||||
const actor = request?.raw?.actor === 'agent' ? 'agent' : 'user';
|
||||
const aiChatId = request?.raw?.aiChatId ?? null;
|
||||
return { actor, aiChatId };
|
||||
},
|
||||
);
|
||||
Reference in New Issue
Block a user