feat(ai-chat): per-user AI agent backend — LLM config, read-only agent, provenance schema

WIP checkpoint of the gitmost AI-chat backend (plan stages A + B1 + B3a).
The agent acts under the requesting user's JWT (Docmost CASL enforces page
access); the external service-account /mcp endpoint is untouched.

LLM provider config (A2-A4):
- integrations/crypto: AES-256-GCM SecretBoxService (key derived from APP_SECRET,
  per-record salt/iv; clear error on rotation instead of crashing).
- ai_provider_credentials table/repo/types: encrypted API key stored outside
  workspace settings/baseFields, write-only (never returned by any endpoint).
- integrations/ai: per-workspace AI SDK v6 provider driver (openai/gemini/ollama),
  admin-gated GET(masked)/PATCH(write-only key)/Test endpoints; settings.ai.provider
  holds non-secret config incl. systemPrompt. Removed unused AI_* env getters (DB is
  the single source of truth).

Chat module (A1, A5-A8):
- ai_chats/ai_chat_messages repos (workspace-scoped, soft-delete, tsv never selected).
- core/ai-chat: CRUD + POST /ai-chat/stream (Fastify hijack + AI SDK v6
  pipeUIMessageStreamToResponse, abort on disconnect, persist user/assistant msgs).
- Agent loop: streamText + stepCountIs(8); read tools searchPages/getPage via a
  per-request DocmostClient over loopback REST under the user's minted access token.
- Gate settings.ai.chat (+ 503 when provider unconfigured); buildSystemPrompt with a
  non-removable safety/anti-prompt-injection framework. Per-user rate limit.

Per-user auth (B1):
- @docmost/mcp DocmostClient gains an additive getToken variant (carry a user JWT,
  re-fetch on 401) and exports DocmostClient; the email/password service-account path
  (external /mcp, stdio) is unchanged.

Agent-edit provenance backbone (B3a):
- Migration: pages/page_history (last_updated_source, last_updated_ai_chat_id) and
  comments (created_source, ai_chat_id, resolved_source).
- Signed actor/aiChatId claim in the collab token; onAuthenticate propagates it,
  onStoreDocument writes it with a sticky agent marker, saveHistory copies it.

Migrations auto-run on boot (additive). Write tools, frontend, RAG and external MCP
servers are not in this checkpoint.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

apps/server/src/integrations/ai/ai.service.ts

@@ -0,0 +1,81 @@
+import { Injectable } from '@nestjs/common';
+import { generateText, type LanguageModel } from 'ai';
+import { createOpenAI } from '@ai-sdk/openai';
+import { createGoogleGenerativeAI } from '@ai-sdk/google';
+import { createOllama } from 'ai-sdk-ollama';
+import { AiSettingsService } from './ai-settings.service';
+import { AiNotConfiguredException } from './ai-not-configured.exception';
+
+/**
+ * Builds AI SDK language models from per-workspace config and runs cheap
+ * connectivity checks.
+ *
+ * The provider client is built PER WORKSPACE on demand — never cached globally —
+ * and the decrypted API key is held only for the duration of the call and is
+ * never logged (§6.2/§8).
+ */
+@Injectable()
+export class AiService {
+  constructor(private readonly aiSettings: AiSettingsService) {}
+
+  /**
+   * Resolve the workspace config and build the chat language model.
+   * Throws AiNotConfiguredException (→ 503) when the config is incomplete.
+   */
+  async getChatModel(workspaceId: string): Promise<LanguageModel> {
+    const cfg = await this.aiSettings.resolve(workspaceId);
+    if (
+      !cfg?.driver ||
+      !cfg?.chatModel ||
+      (cfg.driver !== 'ollama' && !cfg.apiKey)
+    ) {
+      throw new AiNotConfiguredException();
+    }
+
+    switch (cfg.driver) {
+      case 'openai':
+        // baseURL (when set) covers openai-compatible endpoints.
+        return createOpenAI({ apiKey: cfg.apiKey, baseURL: cfg.baseUrl })(
+          cfg.chatModel,
+        );
+      case 'gemini':
+        return createGoogleGenerativeAI({ apiKey: cfg.apiKey })(cfg.chatModel);
+      case 'ollama':
+        // Ollama needs no API key.
+        return createOllama({ baseURL: cfg.baseUrl })(cfg.chatModel);
+      default:
+        throw new AiNotConfiguredException();
+    }
+  }
+
+  /**
+   * Cheap connectivity check. Builds the model and asks for a one-word reply.
+   * Never leaks the provider's raw error body or the key — only a short,
+   * generic message (§6.4/§8.3).
+   */
+  async testConnection(
+    workspaceId: string,
+  ): Promise<{ ok: true } | { ok: false; error: string }> {
+    let model: LanguageModel;
+    try {
+      model = await this.getChatModel(workspaceId);
+    } catch (err) {
+      if (err instanceof AiNotConfiguredException) {
+        return { ok: false, error: 'AI provider not configured' };
+      }
+      // Defensive: do not surface internal error details.
+      return { ok: false, error: 'AI provider not configured' };
+    }
+
+    try {
+      await generateText({ model, prompt: 'ping' });
+      return { ok: true };
+    } catch {
+      // Do NOT include the provider's raw error (may echo the request/key).
+      return {
+        ok: false,
+        error: 'Failed to reach the AI provider. Check the settings and key.',
+      };
+    }
+  }
+}