Merge branch 'main' into ai-helper-suggestions-refactor

Author: keegangeorge

.eslintrc.cjs

@@ -0,0 +1,87 @@
+# frozen_string_literal: true
+
+module DiscourseAi
+  module AiBot
+    class ArtifactsController < ApplicationController
+      requires_plugin DiscourseAi::PLUGIN_NAME
+      before_action :require_site_settings!
+
+      skip_before_action :preload_json, :check_xhr, only: %i[show]
+
+      def show
+        artifact = AiArtifact.find(params[:id])
+
+        post = Post.find_by(id: artifact.post_id)
+        if artifact.metadata&.dig("public")
+          # no guardian needed
+        else
+          raise Discourse::NotFound if !post&.topic&.private_message?
+          raise Discourse::NotFound if !guardian.can_see?(post)
+        end
+
+        # Prepare the inner (untrusted) HTML document
+        untrusted_html = <<~HTML
+          <!DOCTYPE html>
+          <html>
+            <head>
+              <meta charset="UTF-8">
+              <title>#{ERB::Util.html_escape(artifact.name)}</title>
+              <style>
+                #{artifact.css}
+              </style>
+            </head>
+            <body>
+              #{artifact.html}
+              <script>
+                #{artifact.js}
+              </script>
+            </body>
+          </html>
+        HTML
+
+        # Prepare the outer (trusted) HTML document
+        trusted_html = <<~HTML
+          <!DOCTYPE html>
+          <html>
+            <head>
+              <meta charset="UTF-8">
+              <title>#{ERB::Util.html_escape(artifact.name)}</title>
+              <style>
+                html, body, iframe {
+                  margin: 0;
+                  padding: 0;
+                  width: 100%;
+                  height: 100%;
+                  border: 0;
+                  overflow: hidden;
+                }
+                iframe {
+                  overflow: auto;
+                }
+              </style>
+            </head>
+            <body>
+              <iframe sandbox="allow-scripts allow-forms" height="100%" width="100%" srcdoc="#{ERB::Util.html_escape(untrusted_html)}" frameborder="0"></iframe>
+            </body>
+          </html>
+        HTML
+
+        response.headers.delete("X-Frame-Options")
+        response.headers["Content-Security-Policy"] = "script-src 'unsafe-inline';"
+        response.headers["X-Robots-Tag"] = "noindex"
+
+        # Render the content
+        render html: trusted_html.html_safe, layout: false, content_type: "text/html"
+      end
+
+      private
+
+      def require_site_settings!
+        if !SiteSetting.discourse_ai_enabled ||
+             !SiteSetting.ai_artifact_security.in?(%w[lax strict])
+          raise Discourse::NotFound
+        end
+      end
+    end
+  end
+end

app/controllers/discourse_ai/ai_bot/artifacts_controller.rb

@@ -7,7 +7,8 @@ class SharedAiConversationsController < ::ApplicationController
       requires_login only: %i[create update destroy]
       before_action :require_site_settings!
 
-      skip_before_action :preload_json, :check_xhr, only: %i[show]
+      skip_before_action :preload_json, :check_xhr, only: %i[show asset]
+      skip_before_action :verify_authenticity_token, only: ["asset"]
 
       def create
         ensure_allowed_create!
@@ -50,6 +51,30 @@ def show
         end
       end
 
+      def asset
+        no_cookies
+
+        name = params[:name]
+        path, content_type =
+          if name == "share"
+            %w[share.css text/css]
+          elsif name == "highlight"
+            %w[highlight.min.js application/javascript]
+          else
+            raise Discourse::NotFound
+          end
+
+        content = File.read(DiscourseAi.public_asset_path("ai-share/#{path}"))
+
+        # note, path contains a ":version" which automatically busts the cache
+        # based on file content, so this is safe
+        response.headers["Last-Modified"] = 10.years.ago.httpdate
+        response.headers["Content-Length"] = content.bytesize.to_s
+        immutable_for 1.year
+
+        render plain: content, disposition: :nil, content_type: content_type
+      end
+
       def preview
         ensure_allowed_preview!
         data = SharedAiConversation.build_conversation_data(@topic, include_usernames: true)

app/controllers/discourse_ai/ai_bot/shared_ai_conversations_controller.rb

@@ -2,13 +2,29 @@
 module DiscourseAi
   module AiBot
     module SharedAiConversationsHelper
-      # bump up version when assets change
-      # long term we may want to change this cause it is hard to remember
-      # to bump versions, but for now this does the job
-      VERSION = "1"
+      # keeping it here for caching
+      def self.share_asset_url(asset_name)
+        if !%w[share.css highlight.js].include?(asset_name)
+          raise StandardError, "unknown asset type #{asset_name}"
+        end
 
-      def share_asset_url(short_path)
-        ::UrlHelper.absolute("/plugins/discourse-ai/ai-share/#{short_path}?#{VERSION}")
+        @urls ||= {}
+        url = @urls[asset_name]
+        return url if url
+
+        path = asset_name
+        path = "highlight.min.js" if asset_name == "highlight.js"
+
+        content = File.read(DiscourseAi.public_asset_path("ai-share/#{path}"))
+        sha1 = Digest::SHA1.hexdigest(content)
+
+        url = "/discourse-ai/ai-bot/shared-ai-conversations/asset/#{sha1}/#{asset_name}"
+
+        @urls[asset_name] = GlobalPath.cdn_path(url)
+      end
+
+      def share_asset_url(asset_name)
+        DiscourseAi::AiBot::SharedAiConversationsHelper.share_asset_url(asset_name)
       end
     end
   end

app/helpers/discourse_ai/ai_bot/shared_ai_conversations_helper.rb

@@ -13,6 +13,7 @@ module Provider
     Cohere = 6
     Ollama = 7
     SambaNova = 8
+    Mistral = 9
   end
 
   def next_log_id

app/models/ai_api_audit_log.rb

@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+
+class AiArtifact < ActiveRecord::Base
+  belongs_to :user
+  belongs_to :post
+  validates :html, length: { maximum: 65_535 }
+  validates :css, length: { maximum: 65_535 }
+  validates :js, length: { maximum: 65_535 }
+
+  def self.iframe_for(id)
+    <<~HTML
+      <div class='ai-artifact'>
+        <iframe src='#{url(id)}' frameborder="0" height="100%" width="100%"></iframe>
+        <a href='#{url(id)}' target='_blank'>#{I18n.t("discourse_ai.ai_artifact.link")}</a>
+      </div>
+    HTML
+  end
+
+  def self.url(id)
+    Discourse.base_url + "/discourse-ai/ai-bot/artifacts/#{id}"
+  end
+
+  def self.share_publicly(id:, post:)
+    artifact = AiArtifact.find_by(id: id)
+    artifact.update!(metadata: { public: true }) if artifact&.post&.topic&.id == post.topic.id
+  end
+
+  def self.unshare_publicly(id:)
+    artifact = AiArtifact.find_by(id: id)
+    artifact&.update!(metadata: { public: false })
+  end
+
+  def url
+    self.class.url(id)
+  end
+end
+
+# == Schema Information
+#
+# Table name: ai_artifacts
+#
+#  id         :bigint           not null, primary key
+#  user_id    :integer          not null
+#  post_id    :integer          not null
+#  name       :string(255)      not null
+#  html       :string(65535)
+#  css        :string(65535)
+#  js         :string(65535)
+#  metadata   :jsonb
+#  created_at :datetime         not null
+#  updated_at :datetime         not null
+#

app/models/ai_artifact.rb

@@ -51,5 +51,6 @@ def outdated
 #
 # Indexes
 #
-#  index_ai_summaries_on_target_type_and_target_id  (target_type,target_id)
+#  idx_on_target_id_target_type_summary_type_3355609fbb  (target_id,target_type,summary_type) UNIQUE
+#  index_ai_summaries_on_target_type_and_target_id       (target_type,target_id)
 #

app/models/ai_summary.rb

@@ -8,6 +8,7 @@ class CompletionPrompt < ActiveRecord::Base
   CUSTOM_PROMPT = -305
   EXPLAIN = -306
   ILLUSTRATE_POST = -308
+  DETECT_TEXT_LOCALE = -309
 
   enum :prompt_type, { text: 0, list: 1, diff: 2 }
 

app/models/completion_prompt.rb

@@ -26,6 +26,16 @@ def self.provider_params
       },
       open_ai: {
         organization: :text,
+        disable_native_tools: :checkbox,
+      },
+      mistral: {
+        disable_native_tools: :checkbox,
+      },
+      google: {
+        disable_native_tools: :checkbox,
+      },
+      azure: {
+        disable_native_tools: :checkbox,
       },
       hugging_face: {
         disable_system_prompt: :checkbox,

app/models/llm_model.rb

@@ -34,6 +34,12 @@ def self.share_conversation(user, target, max_posts: DEFAULT_MAX_POSTS)
 
   def self.destroy_conversation(conversation)
     conversation.destroy
+
+    maybe_topic = conversation.target
+    if maybe_topic.is_a?(Topic)
+      AiArtifact.where(post: maybe_topic.posts).update_all(metadata: { public: false })
+    end
+
     ::Jobs.enqueue(
       :shared_conversation_adjust_upload_security,
       target_id: conversation.target_id,
@@ -165,7 +171,7 @@ def self.build_conversation_data(topic, max_posts: DEFAULT_MAX_POSTS, include_us
             id: post.id,
             user_id: post.user_id,
             created_at: post.created_at,
-            cooked: post.cooked,
+            cooked: cook_artifacts(post),
           }
 
           mapped[:persona] = persona if ai_bot_participant&.id == post.user_id
@@ -175,6 +181,24 @@ def self.build_conversation_data(topic, max_posts: DEFAULT_MAX_POSTS, include_us
     }
   end
 
+  def self.cook_artifacts(post)
+    html = post.cooked
+    return html if !%w[lax strict].include?(SiteSetting.ai_artifact_security)
+
+    doc = Nokogiri::HTML5.fragment(html)
+    doc
+      .css("div.ai-artifact")
+      .each do |node|
+        id = node["data-ai-artifact-id"].to_i
+        if id > 0
+          AiArtifact.share_publicly(id: id, post: post)
+          node.replace(AiArtifact.iframe_for(id))
+        end
+      end
+
+    doc.to_s
+  end
+
   private
 
   def populate_user_info!(posts)